Jump to content

Password Manager


DaProgrammer
 Share

Recommended Posts

Password Manager

Posted Image

Simple, Easy and Encrypted.

plz help improve and remove bugs and gliches.

Version 2 updates :

new location for the file in system folder under a fake dll name.

hidden and system atrribs given.

title is now also encrypted.

MAJOR : a long loop was removed from the Refresh() func, now its abit faster in loading the passwords.

old file lines exist (@MyDocuments) for those who are afraid theyll forget to copy the file before format.

Password_Manager.au3

Password_Manager2.au3

Edited by DaProgrammer
Link to comment
Share on other sites

might be good to save the .kjf (lol) file somewhere super discreet, and under a name other than "username"password.kjf, not very discreet.

Maybe somewhere in "C:\windows" where not many people go browsing and encrypt the section names too, as valuater mentioned. <_<

Link to comment
Share on other sites

Well if he posts the source of course you can decrypt it. <_<

But if he publishes a .exe without a source and a changed pass/encrypt lvl then I don't think you could hack it so easily as a 3-line code. xD

You obviously don't have a clue what you are talking about.

If he encrypted the string using a special password, in stead of a fixed password that is always the same, you can't decrypt it easily.

Link to comment
Share on other sites

I have to say that its a great start. Hope you don't mind if I give a few suggestions. If somebody is looking for the location of the password file, they will find it no matter where you hide it, and it will be easy. Its as simple as running filemon and watching where the program executable is reading from / writing to. So with that in mind, the only way to keep things safe is to put as much security into the actual encryption mechanism as you can. Like Valuator mentioned, encrypt everything! Section names, whatever, NOTHING should be readable by the human eye. If I can't see the user / pass, but I CAN see its for Bank of America, now I have incentive to keep hacking because I now know there is money on the other end of this hack, versus grandmas hotmail account credentials. Again, encrypt everything!

All of the above depends on how serious you are taking this script, and if you are using for your personal passwords, (I hope you are not, RC4 is too weak for bank accounts), then restrict it to test passwords.

All in all - GREAT START, keep it small and simple.

My 2 cents.

-John

Link to comment
Share on other sites

Updates, look at post 1.

i dont think any1 will bother looking for your bank account through the internet on a wierd dll file under system32.

Well, I suppose this program must only be for your personal usage, because if you give this script to others you have no idea on how they plan to use it. Maybe on a shared school PC? A system that others use and have admin rights on? You can't be sure. The one thing you can be pretty sure of is that if someone has physical access to the system they can find out where this file is. Did you read the part where I mentioned that anyone who is looking for your password file will find it VERY easily by using any filesystem scanning utility like FILEMON? It's as easy as running filemon while you have your password utility open. Filemon will record every read and write your program makes to your "hidden" dll file, laying bare any attempts to hide the password file on the system in some obscure directory. Like I said, you are better off to forget about trying to hide your password file and focus on encrypting it's contents better. Trust me. <_<

Thanks,

John

Link to comment
Share on other sites

Well, I suppose this program must only be for your personal usage, because if you give this script to others you have no idea on how they plan to use it. Maybe on a shared school PC? A system that others use and have admin rights on? You can't be sure. The one thing you can be pretty sure of is that if someone has physical access to the system they can find out where this file is. Did you read the part where I mentioned that anyone who is looking for your password file will find it VERY easily by using any filesystem scanning utility like FILEMON? It's as easy as running filemon while you have your password utility open. Filemon will record every read and write your program makes to your "hidden" dll file, laying bare any attempts to hide the password file on the system in some obscure directory. Like I said, you are better off to forget about trying to hide your password file and focus on encrypting it's contents better. Trust me. :)

Thanks,

John

i know your write but the most secure way is to remmember your password <_< this is a lazy tool (btw i dont use it, it was written for a friend) for those lazy LOL.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...