Sign in to follow this  
Followers 0
Szhlopp

Security question

8 posts in this topic

Is there a security issue with encrypting a password with the password itself?

Example:

Encrypt "Hey"

With the password "Hey"

Is there some simple way to crack it? Or this is safe to do?

Thanks!

Share this post


Link to post
Share on other sites



Is there a security issue with encrypting a password with the password itself?

Example:

Encrypt "Hey"

With the password "Hey"

Is there some simple way to crack it? Or this is safe to do?

Thanks!

I don't believe there is other than brute-force. Because to decrypt you'd need the original text.

[size="10"]Pure Au3 crypt funcs(I'm currently also working on making a dll from this)[/size][Y] Be more active in the community[Y] Get 200 posts[N] Get 300 posts[N] Make a Topic in the example scripts forum with at least 50 replies.People who currently hate me:ValikSmOke_N

Share this post


Link to post
Share on other sites

Use a very large prime number.

If at any point the pass and key are multiplied by each other, then you're exposing both to simple factorization. At least the prime number would have the benefit of incalculability.

Share this post


Link to post
Share on other sites

Use a very large prime number.

If at any point the pass and key are multiplied by each other, then you're exposing both to simple factorization. At least the prime number would have the benefit of incalculability.

hrmm...

So is this not a safe thing to do?

My point in doing something like this is to secure a password in a file and actually have it safe enough that somebody with the source couldn't get it out.

I'm not an encryption expert, so I don't know what the deal is with encrypting text with an exact clone of itself. I didn't know if this was some loop hole.

Thanks again,

Szh

Share this post


Link to post
Share on other sites

Well, I'd say it's not so much "not safe" as it is weakening whatever encryption method you're using. Better safe than sorry and all that...

Share this post


Link to post
Share on other sites

Well, I'd say it's not so much "not safe" as it is weakening whatever encryption method you're using. Better safe than sorry and all that...

Thanks.

Here is the basic idea of my encryption.

Convert the entered password to binary (0x#######)

Encrypt it with:

GUID

GUID

GUID

Username

Password

3 GUID's are generated and saved in an EXE (1 person can get to them...)

Username/Pass are user entered. The only reason they need to be saved is to access them later to see if what was entered was correct.

When I go back to check if the entered user/pass combo was correct.

1) Decrpyt with all 5 "passwords"

2) Check if the left 2 chars are 0x

3) If true then convert the binary to a string and check if the result = entered password

I think this should be very secure. Even if you have the source code you shouldn't be able to crack it :P

Share this post


Link to post
Share on other sites

Unless you're familiar with cracking software, and simply remove or bypass the auth routines altogether. But yes, that should be relatively secure :P

Share this post


Link to post
Share on other sites

Why?

post-6470-1218882814_thumb.jpg

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0