Which has better serurity

[auit5]

Hi,

Which method is more secure? When the script is compiled, not checking the AllowDecompile, or using a long passphrase? I read that this is not really totally secure, but which is generally harder to decompile?

[Valik]

The no decompile option just implicitly adds a random password to the compiled file, I believe. So basically, the level of security is the same if you were to just randomly type in characters for a password. Using actual words, of course, would reduce the security since a dictionary attack could hit that word.

[auit5]

Thank you, Valik!

[ezzetabi]

If you need a really high security you should code a passphrase needed for executing the script. And in the case that the user used a wrong password the script delete it self.

For more security you should also securely delete the script,

for even more you should also delete the scrip if the user just DON'T put the password (IE, press Cancel at the inputbox or doesn't set any inline argument)

If you are really crazy you can do a container script that actually keeps the secured script (the nomal decompiler don't returns FileInstall()ed files!) and fileinstall it, decrypher it and execute, delete and leaves. All password protected.

[Jon]

Hi,

Which method is more secure?  When the script is compiled,  not checking the AllowDecompile, or using a long passphrase?  I read that this is not really totally secure, but which is generally harder to decompile?

The nodecompile option just makes up a long random password (about 200+ characters if I remember correctly)... It's just easier and safer than trying to make up a long/random password yourself.

[sugi]

But do not forget that the exe has to decrypt itself to execute the script stored within. So even when you "compile" it with a very long random password (or the "no decompile option") it's still possible to decrypt and get the script back without too much[1] trouble.

[1] For someone with skills cryptology and decoding programs it should be an easy task. For others it can be a pretty hard task

[t0ddie]

just to mention, anyone serious about decompiling a program with probably have a backup copy.

so self deletion is pointless, although it may thwart SOME attempts

[erebus]

just to mention, anyone serious about decompiling a program with probably have a backup copy.

so self deletion is pointless, although it may thwart SOME attempts

<{POST_SNAPBACK}>

I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..

This is a good case however.

[sugi]

I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..

You just need something like Norton Protection. Every file you delete is still saved and can be recovered easily. Voila there are all deleted files... including all temporary extracted FileInstalls Edited November 29, 2004 by sugi

[erebus]

Ok, now stop correcting me all the time..

You are right, I was stuck in the old DOS undelete/unerase utilities :}

Edit: So, and to be insane, we just need a function to delete the files that Norton Protection keeps in this case.. :}

Edited November 30, 2004 by erebus

[sugi]

Ok, now stop correcting me all the time..

I'll stop when there's nothing left to correct