Password Manager

[DaProgrammer]

Password Manager

Simple, Easy and Encrypted.

plz help improve and remove bugs and gliches.

Version 2 updates :

new location for the file in system folder under a fake dll name.

hidden and system atrribs given.

title is now also encrypted.

MAJOR : a long loop was removed from the Refresh() func, now its abit faster in loading the passwords.

old file lines exist (@MyDocuments) for those who are afraid theyll forget to copy the file before format.

Password_Manager.au3

Password_Manager2.au3

Edited October 21, 2007 by DaProgrammer

[gseller]

Nice!! Quick and simple. Encrypts info.. Very nice, Thanks for sharing...

[Doppio]

Very nice! thanks for sharing.

Request. After editing an item the List refreshes but does not return to the item selected for editing. Can you fix that?

Thanks.

[Toady]

Very cool, I like its size and simplicity. nice job!

[Valuater]

Nice!!

"kj rules you mofo's"

...LOL

8)

Quick note.... Maybe encrypt the section names????? you can read the bank name

[0]
0=xx
[Bank Of America]
1=xx
2=xx
3=xx

Edited October 19, 2007 by SmOke_N
Don't know if he actually had personal info.

[jvanegmond]

This can crack your encrypted files:

#include <String.au3>

$sIn = InputBox("","Input")

MsgBox(0, "", _StringEncrypt(0, $sIn, "kj rules you mofo's", 4) )

You should switch the encrypt string and the password string. Encrypting the password with the encrypt string.

[Foy]

Well if he posts the source of course you can decrypt it.

But if he publishes a .exe without a source and a changed pass/encrypt lvl then I don't think you could hack it so easily as a 3-line code. xD

[Foy]

might be good to save the .kjf (lol) file somewhere super discreet, and under a name other than "username"password.kjf, not very discreet.

Maybe somewhere in "C:\windows" where not many people go browsing and encrypt the section names too, as valuater mentioned.

[jvanegmond]

Well if he posts the source of course you can decrypt it.

But if he publishes a .exe without a source and a changed pass/encrypt lvl then I don't think you could hack it so easily as a 3-line code. xD

You obviously don't have a clue what you are talking about.

If he encrypted the string using a special password, in stead of a fixed password that is always the same, you can't decrypt it easily.

[JustinReno]

Not WIndows, any savvy user knows his way around that folder, maybe in a folder as unexciting like C:\WINDOWS\System32\Oobe\, that folder might only work on XP

[gseller]

Just have fileinstall set the file in a folder deep in the windows folder and use attribute controls to set access only to the Password Manager.

[JSunn]

I have to say that its a great start. Hope you don't mind if I give a few suggestions. If somebody is looking for the location of the password file, they will find it no matter where you hide it, and it will be easy. Its as simple as running filemon and watching where the program executable is reading from / writing to. So with that in mind, the only way to keep things safe is to put as much security into the actual encryption mechanism as you can. Like Valuator mentioned, encrypt everything! Section names, whatever, NOTHING should be readable by the human eye. If I can't see the user / pass, but I CAN see its for Bank of America, now I have incentive to keep hacking because I now know there is money on the other end of this hack, versus grandmas hotmail account credentials. Again, encrypt everything!

All of the above depends on how serious you are taking this script, and if you are using for your personal passwords, (I hope you are not, RC4 is too weak for bank accounts), then restrict it to test passwords.

All in all - GREAT START, keep it small and simple.

My 2 cents.

-John

[DaProgrammer]

Updates, look at post 1.

I hope you are not, RC4 is too weak for bank accounts

i dont think any1 will bother looking for your bank account through the internet on a wierd dll file under system32. Edited October 21, 2007 by DaProgrammer

[JSunn]

Updates, look at post 1.

i dont think any1 will bother looking for your bank account through the internet on a wierd dll file under system32.

Well, I suppose this program must only be for your personal usage, because if you give this script to others you have no idea on how they plan to use it. Maybe on a shared school PC? A system that others use and have admin rights on? You can't be sure. The one thing you can be pretty sure of is that if someone has physical access to the system they can find out where this file is. Did you read the part where I mentioned that anyone who is looking for your password file will find it VERY easily by using any filesystem scanning utility like FILEMON? It's as easy as running filemon while you have your password utility open. Filemon will record every read and write your program makes to your "hidden" dll file, laying bare any attempts to hide the password file on the system in some obscure directory. Like I said, you are better off to forget about trying to hide your password file and focus on encrypting it's contents better. Trust me.

Thanks,

John

[DaProgrammer]

Well, I suppose this program must only be for your personal usage, because if you give this script to others you have no idea on how they plan to use it. Maybe on a shared school PC? A system that others use and have admin rights on? You can't be sure. The one thing you can be pretty sure of is that if someone has physical access to the system they can find out where this file is. Did you read the part where I mentioned that anyone who is looking for your password file will find it VERY easily by using any filesystem scanning utility like FILEMON? It's as easy as running filemon while you have your password utility open. Filemon will record every read and write your program makes to your "hidden" dll file, laying bare any attempts to hide the password file on the system in some obscure directory. Like I said, you are better off to forget about trying to hide your password file and focus on encrypting it's contents better. Trust me.

Thanks,

John

i know your write but the most secure way is to remmember your password this is a lazy tool (btw i dont use it, it was written for a friend) for those lazy LOL.