Leo1906 Posted February 1, 2017 Share Posted February 1, 2017 Hello there Difficult to choose a title for this. I have a question regarding the Crypt functionallity build into Autoit. Here is the example script: #include <Crypt.au3> Local Const $key1 = "CryptPassword" Local Const $key2 = StringToBinary("CryptPassword") ConsoleWrite("Key 1: " & $key1 & @CRLF & "Key 2: " & $key2 & @CRLF) Local $sData = "..upon a time there was a language without any standardized cryptographic functions. That language is no more." Local $encryptedData = encrypt($sData, $key1) MsgBox(0, "Encrypted", $encryptedData) $encryptedData = decrypt($encryptedData, $key2) MsgBox(0, "Decrypted", $encryptedData) Func encrypt($data, $key) Local $bEncrypted = _Crypt_EncryptData($data, $key, $CALG_RC4) Return $bEncrypted EndFunc Func decrypt($data, $key) $bEncrypted = _Crypt_DecryptData($data, $key, $CALG_RC4) Return BinaryToString($bEncrypted) EndFunc Modified from the helpfile. So now the question is .. why is the crypt function accepting the password in binary form and not the same form I used it the first time? Why is there no difference? So I'm using the same password for crypting and decrypting (I know the title says bit different .. ) but in different form. My question is: Why does the crypt function don't care about this? In "clear text" (for humans to read) the passwords are different (look @ console output). Isn't this a bad thing? Imagine I want to use a password for crypting which has accidently the syntax of a binary value. Than there you could be able to decrypt the password with the String (I don't know how it's called) value of the password I intended to use ..? Maybe somebody can explain this to me Thanks Link to comment Share on other sites More sharing options...
spudw2k Posted February 1, 2017 Share Posted February 1, 2017 (edited) Best I can tell, the string gets converted into binary in the _Crypt_DeriveKey internal func when it set in the dllstruct. If it's already binary there is no conversion. No security issue that I can see. The UDF is doing the conversion for you. If you used $CALG_USERKEY instead of RC4, it wouldn't call the derivekey func and would most likely not work. edit: side-note. Don't use RC4 if possible, it is not considered a secure encryption algorithm anymore. Use 3DES at the minimum, but AES is better/stronger, https://rdist.root.org/2009/08/06/google-tech-talk-on-common-crypto-flaws/ Edited February 3, 2017 by spudw2k Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now