View previous topic :: View next topic |
Author |
Message |
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Mon Sep 01, 2003 12:55 pm Post subject: |
|
|
Right. I haven't tested this idea, but if you want an alphanumeric key of any length that's easier to remember, just MD5 the key to convert it to a 32-byte hex value, use @substr() to grab a few digits from the result and then a $ in front to make a valid number for @encrypt().
Code: | %A = @encrypt(%B,$@substr(@encrypt(%%mykey,md5),4,10)) |
_________________ The Tech Pro
www.tech-pro.net |
|
Back to top |
|
|
FreezingFire Admin Team
Joined: 23 Jun 2002 Posts: 3508
|
Posted: Mon Sep 01, 2003 2:54 pm Post subject: |
|
|
But isn't it bad that it only accepts numbers as a key? Anyone can
just write a script and go through numbers and find the decrypted
string.
Unless of course you encrypt it multiple times and then they don't
know how many times you've encrypted it, which makes it harder
to decrypt if you don't know. _________________ FreezingFire
VDSWORLD.com
Site Admin Team |
|
Back to top |
|
|
FreezingFire Admin Team
Joined: 23 Jun 2002 Posts: 3508
|
Posted: Mon Sep 01, 2003 2:55 pm Post subject: |
|
|
CodeScript wrote: | BTW if you click on that emoticon it inserts:eek: which will display meaning surprised ; Yes I am really surprised. |
I'll get this fixed.
EDIT: The problem has been fixed. _________________ FreezingFire
VDSWORLD.com
Site Admin Team
Last edited by FreezingFire on Mon Sep 01, 2003 3:48 pm; edited 1 time in total |
|
Back to top |
|
|
Serge Professional Member
Joined: 04 Mar 2002 Posts: 1480 Location: Australia
|
Posted: Mon Sep 01, 2003 3:22 pm Post subject: |
|
|
good idea jules...
good point ff and good idea on your solution...you could also encrypt it several times using a different key each time...perhaps a key based on the md5 generated one as jules explained...the possibilities are endless
serge _________________
|
|
Back to top |
|
|
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Mon Sep 01, 2003 5:11 pm Post subject: |
|
|
One more Idea as I said after encrpting write a character or or two at a postion of your choice and I don't think it is easy to decrypt it then because the encryption becomes a custom one.
EDIT: Use of non keyboard/ascii characters make it even stronger.
Serge wrote: | you could also encrypt it several times using a different key each time... |
Is it possible to decrypt it then ? theoretically yes. i hvaen't tried though. _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension
Last edited by CodeScript on Mon Sep 01, 2003 5:27 pm; edited 1 time in total |
|
Back to top |
|
|
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Mon Sep 01, 2003 5:15 pm Post subject: |
|
|
FreezingFire wrote: | CodeScript wrote: | BTW if you click on that emoticon it inserts:eek: which will display meaning surprised ; Yes I am really surprised. |
I'll get this fixed.
EDIT: The problem has been fixed. |
Nice FF
I don't think this icon should be used frequently _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension
Last edited by CodeScript on Mon Sep 01, 2003 5:16 pm; edited 1 time in total |
|
Back to top |
|
|
FreezingFire Admin Team
Joined: 23 Jun 2002 Posts: 3508
|
Posted: Mon Sep 01, 2003 5:15 pm Post subject: |
|
|
CodeScript wrote: | One more Idea as I said after encrpting write a character or or two at a postion of your choice and I don't think it is easy to decrypt it then because the encryption becomes a custom one.
Serge wrote: | you could also encrypt it several times using a different key each time... |
Is it possible to decrypt it then ? theoretically yes. i hvaen't tried though. |
Good idea, start with @Encrypt() for base encryption, then change
it around a little so it will be really really hard to decrypt. _________________ FreezingFire
VDSWORLD.com
Site Admin Team |
|
Back to top |
|
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Mon Sep 01, 2003 6:42 pm Post subject: |
|
|
Quote: | But isn't it bad that it only accepts numbers as a key? Anyone can
just write a script and go through numbers and find the decrypted
string. |
Well it wasn't intended to provide industrial strength security. _________________ The Tech Pro
www.tech-pro.net |
|
Back to top |
|
|
Skit3000 Admin Team
Joined: 11 May 2002 Posts: 2166 Location: The Netherlands
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Tue Sep 02, 2003 9:31 pm Post subject: |
|
|
jules wrote: | The maximum value you can use is the largest 32-bit integer, whatever that is. If you try to use text, or an invalid number, it will simply use a default value, rather than give an error message. |
Well in that case the largest 32bit integer number can be 2147483647. Will @Encrypt take negative numbers too? If so the smallest 32bit integer number can be -2147483648... _________________ Home of
Give VDS a new purpose!
|
|
Back to top |
|
|
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Fri Sep 05, 2003 2:37 pm Post subject: |
|
|
FreezingFire wrote: | But isn't it bad that it only accepts numbers as a key? Anyone can
just write a script and go through numbers and find the decrypted
string. |
FF You can take a look at this dll used in VDS. You can use even non-printable characters as password and encrypt files too - reasonably fast.
There may more such dlls which are freeware.
http://forum.vdsworld.com/viewtopic.php?p=14304
Regards _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
Back to top |
|
|
GeoTrail Valued Contributor
Joined: 18 Feb 2003 Posts: 572 Location: Bergen, Norway
|
Posted: Wed Dec 31, 2003 12:09 pm Post subject: |
|
|
jules, thanks alot for the tip about MD5.
But I am having problems decrypting a MD5 encryption.
Here is what I tested:
Code: | %%String = Original string
%%String1 = @encrypt(%%String,MD5)
%%String2 = @encrypt(%%String1,MD5)
info Original string is: %%String@cr()@cr()Encrypted result is: %%String1@cr()Decrypted result is: %%String2 |
When trying to decrypt the md5 encrypted string it only returns the same encrypted string, but double encrypted.
Any ideas? _________________
|
|
Back to top |
|
|
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Wed Dec 31, 2003 3:23 pm Post subject: |
|
|
I remember to have had the same problem _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
Back to top |
|
|
FreezingFire Admin Team
Joined: 23 Jun 2002 Posts: 3508
|
Posted: Wed Dec 31, 2003 4:26 pm Post subject: |
|
|
MD5 can't be decrypted. It's a one-way hash of a string. It's excellent for
storing passwords because the MD5 hashes can be stored unencrypted.
The only way to crack a password with this would be to go through every
possible combination in the world, which could take thousands of years.
The way to use it is to have a user enter a password, take the MD5 hash
of it, and store it. When the user enters their password again, the program
takes the hash of the password just entered and compares it to the original
hash stored.
It's very effective and as a matter of fact this forum system uses MD5,
non-decryptable hashes, so any attempt to compromise the database for
passwords would yield nothing. _________________ FreezingFire
VDSWORLD.com
Site Admin Team |
|
Back to top |
|
|
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Wed Dec 31, 2003 5:00 pm Post subject: |
|
|
Hi FF I was about to post the same thing. I even had serious doubts if MD5 is reversible (practically). Thanks for the INFO _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
Back to top |
|
|
|