Szhlopp Posted August 14, 2008 Share Posted August 14, 2008 Is there a security issue with encrypting a password with the password itself? Example: Encrypt "Hey" With the password "Hey" Is there some simple way to crack it? Or this is safe to do? Thanks! RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
mmavipc Posted August 14, 2008 Share Posted August 14, 2008 Is there a security issue with encrypting a password with the password itself?Example:Encrypt "Hey"With the password "Hey"Is there some simple way to crack it? Or this is safe to do?Thanks!I don't believe there is other than brute-force. Because to decrypt you'd need the original text. [size="10"]Pure Au3 crypt funcs(I'm currently also working on making a dll from this)[/size][Y] Be more active in the community[Y] Get 200 posts[N] Get 300 posts[N] Make a Topic in the example scripts forum with at least 50 replies.People who currently hate me:ValikSmOke_N Link to comment Share on other sites More sharing options...
JRowe Posted August 14, 2008 Share Posted August 14, 2008 Use a very large prime number. If at any point the pass and key are multiplied by each other, then you're exposing both to simple factorization. At least the prime number would have the benefit of incalculability. [center]However, like ninjas, cyber warriors operate in silence.AutoIt Chat Engine (+Chatbot) , Link Grammar for AutoIt , Simple Speech RecognitionArtificial Neural Networks UDF , Bayesian Networks UDF , Pattern Matching UDFTransparent PNG GUI Elements , Au3Irrlicht 2Advanced Mouse Events MonitorGrammar Database GeneratorTransitions & Tweening UDFPoker Hand Evaluator[/center] Link to comment Share on other sites More sharing options...
Szhlopp Posted August 14, 2008 Author Share Posted August 14, 2008 Use a very large prime number.If at any point the pass and key are multiplied by each other, then you're exposing both to simple factorization. At least the prime number would have the benefit of incalculability.hrmm...So is this not a safe thing to do?My point in doing something like this is to secure a password in a file and actually have it safe enough that somebody with the source couldn't get it out.I'm not an encryption expert, so I don't know what the deal is with encrypting text with an exact clone of itself. I didn't know if this was some loop hole.Thanks again,Szh RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
JRowe Posted August 14, 2008 Share Posted August 14, 2008 Well, I'd say it's not so much "not safe" as it is weakening whatever encryption method you're using. Better safe than sorry and all that... [center]However, like ninjas, cyber warriors operate in silence.AutoIt Chat Engine (+Chatbot) , Link Grammar for AutoIt , Simple Speech RecognitionArtificial Neural Networks UDF , Bayesian Networks UDF , Pattern Matching UDFTransparent PNG GUI Elements , Au3Irrlicht 2Advanced Mouse Events MonitorGrammar Database GeneratorTransitions & Tweening UDFPoker Hand Evaluator[/center] Link to comment Share on other sites More sharing options...
Szhlopp Posted August 14, 2008 Author Share Posted August 14, 2008 Well, I'd say it's not so much "not safe" as it is weakening whatever encryption method you're using. Better safe than sorry and all that...Thanks.Here is the basic idea of my encryption.Convert the entered password to binary (0x#######)Encrypt it with:GUIDGUIDGUIDUsernamePassword3 GUID's are generated and saved in an EXE (1 person can get to them...)Username/Pass are user entered. The only reason they need to be saved is to access them later to see if what was entered was correct.When I go back to check if the entered user/pass combo was correct.1) Decrpyt with all 5 "passwords"2) Check if the left 2 chars are 0x3) If true then convert the binary to a string and check if the result = entered passwordI think this should be very secure. Even if you have the source code you shouldn't be able to crack it RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
JRowe Posted August 14, 2008 Share Posted August 14, 2008 Unless you're familiar with cracking software, and simply remove or bypass the auth routines altogether. But yes, that should be relatively secure [center]However, like ninjas, cyber warriors operate in silence.AutoIt Chat Engine (+Chatbot) , Link Grammar for AutoIt , Simple Speech RecognitionArtificial Neural Networks UDF , Bayesian Networks UDF , Pattern Matching UDFTransparent PNG GUI Elements , Au3Irrlicht 2Advanced Mouse Events MonitorGrammar Database GeneratorTransitions & Tweening UDFPoker Hand Evaluator[/center] Link to comment Share on other sites More sharing options...
Confuzzled Posted August 16, 2008 Share Posted August 16, 2008 Why? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now