Arlen Posted January 24, 2018

How can I encrypt data with AutoIt and at the same time not store the key in the script? For example, I want to be able to encrypt data and then, when the user enters a password, it will decrypt it, but without storing the key in the script because I don't find it safe to do that.

jdelaney Posted January 24, 2018 (edited)

I was working on this...uses lots of guids for salts, hashes, and encryption based on the user provided password plus a salt:

Long story short, you can store a 'Hash' to verify the password is correct...to create a hash is a one way door.

It's much safer to hash the string with a salt: https://crackstation.net/hashing-security.htm

1. The user creates an account.
2. Their password is hashed and stored in the database. At no point is the plain-text (unencrypted) password ever written to the hard drive.
3. When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
4. If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
5. Steps 3 and 4 repeat every time someone tries to login to their account.

Edited January 24, 2018 by jdelaney

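An added example, not part of the thread and not jdelaney's script: the salted-hash check described in the post above, extended so that the same password also yields the encryption key without that key ever being stored. It is written in Python rather than AutoIt, and the function names, the PBKDF2 work factor and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def _master(password, salt, iterations):
    """Stretch the password into a 32-byte master secret (never stored)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _split(master):
    """Derive two independent values: a storable verifier and the data key."""
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    data_key = hmac.new(master, b"data-key", hashlib.sha256).digest()
    return verifier, data_key


def enroll(password, iterations=ITERATIONS):
    """Return the record that is safe to keep on disk: salt, cost, verifier."""
    salt = os.urandom(16)  # fresh random salt for every record
    verifier, _ = _split(_master(password, salt, iterations))
    return {"salt": salt.hex(), "iterations": iterations, "verifier": verifier.hex()}


def unlock(password, record):
    """Return the 32-byte data key if the password matches, else None."""
    salt = bytes.fromhex(record["salt"])
    verifier, data_key = _split(_master(password, salt, record["iterations"]))
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if hmac.compare_digest(verifier, bytes.fromhex(record["verifier"])):
        return data_key
    return None


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample password
    print(rec)                                     # only this is written to disk
    print(unlock("correct horse battery staple", rec) is not None)
    print(unlock("wrong guess", rec))
```

Only the record goes to disk; the key returned by `unlock` exists in memory while the data is being encrypted or decrypted with an authenticated cipher.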
Arlen (Author) Posted January 26, 2018

On 1/23/2018 at 11:11 PM, jdelaney said:

> I was working on this...uses lots of guids for salts, hashes, and encryption based on the user provided password plus a salt:
>
> Long story short, you can store a 'Hash' to verify the password is correct...to create a hash is a one way door.
>
> It's much safer to hash the string with a salt: https://crackstation.net/hashing-security.htm
>
> 1. The user creates an account.
> 2. Their password is hashed and stored in the database. At no point is the plain-text (unencrypted) password ever written to the hard drive.
> 3. When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
> 4. If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
> 5. Steps 3 and 4 repeat every time someone tries to login to their account.

Thanks!!