Help with Hash

[Tumulus]

I am creating a script that changes important account information, including passwords and usernames, but I can't take the input from a user at runtime. I could get the script to work with the information included in variables, but that is a security risk we want to avoid. As far as I can tell, _Crypt_HashData or possible _Crypt_EncryptData are how I would go about this. I looked at the help file and I am struggling to understand the implementation. 

Do I need an external document with the info? That would present the same issue. Do I need to create the variable and then run the function in another script and then add it in? I am quite lost.

Could somone give me a basic step-by-step rundown? 

[InunoTaishou]

You would use EncryptData to do what you want. What you're going to need is a crypt key that is used to encrypt and decrypt the information.

#include <Crypt.au3>

_Crypt_Startup()
Global $sCryptKey = "EncryptThisData"
Global $sUsername = _Crypt_EncryptData("FakeUsername2016", $sCryptKey, $CALG_AES_256)
Global $sPassword = _Crypt_EncryptData("!FakePassword2016", $sCryptKey, $CALG_AES_256)

MsgBox("", "Encrypted Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

$sUsername = BinaryToString(_Crypt_DecryptData($sUsername, $sCryptKey, $CALG_AES_256))
$sPassword = BinaryToString(_Crypt_DecryptData($sPassword, $sCryptKey, $CALG_AES_256))

MsgBox("", "Decrypt Data", "Username: " & $sUsername & @CRLF & "Password: " & $sPassword)

_Crypt_Shutdown()

You could still store the information in encrypted variables and decrypt them when you need to check it. Your information will still be stored in variables but they'll at least be somewhat protected.

Another alternative is use a database to store all of your information (all of your account information). There is a way to use sqlite to encrypt all of your information and just have the script (user) access the database when it needs it. Prompting the user for the password to access the encrypted database. Wrong password should return an error. What this would mean is to access the database the user needs to give the proper password which is not saved inside of your program. I haven't used it before, I've only seen a couple of topics.

[JLogan3o13]

@Tumulus if you search the forum you will find where this has been discussed ad nauseam. In short, you cannot completely protect you script from anyone determined enough (or even half-heatedly interested enough) to get it. If you need that level of security, AutoIt is not the way to go. See some of the threads below as examples:

 

 

 

 

That being said, if you are interested in the encrypting functions they all come with pretty decent examples in the help file. What have you tried on your own? What is not working for you?

 

Edited May 4, 2016 by JLogan3o13

[Trong]

For password hashing:  secure is one-way encryption 

Currently I can not break it!
But it is not safe to check with AutoIt, it's too easy to be bypass!

Anyway, use MD5 or SHA1/512 to encryption for your password!

[Tumulus]

Thanks guys. @InunoTaishou That is a nice little example there. the syntax makes a lot more sense, and from that I can grasp the implementation.

Also, I understand that AutoIT isn't the most secure, and we will look at some other solutions. Really though, the big goal is to not have the passwords show up in various i house admin tools that run using administrator credentials and the security risk isn't so great as to stop using them. Those threads were really interesting though, and made me aware of some risks that I did not understand. Good links.

[Tumulus]

Got it to work! Thanks @InunoTaishou the example was perfect.