AutoHotkey Homepage AutoHotkey Community
Let's help each other out
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Editor/Chat Encryption
Goto page Previous  1, 2
 
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions
View previous topic :: View next topic  
Author Message
Guest
PostPosted: Tue Jul 12, 2005 11:09 pm    Post subject: Reply with quote
Ok, so only compiled scripts (which could and should be portable) then? The ones that are in an insecure environment anyway?

And a firewall, antispy/virus/keylogger the whole stuff protected environment, which runs scripts, not compiled scripts?

What if the script and the generated data leaks out?

Say, even with the functions included, so a bundle of scripts, everything except the pass gets out.

What are the chances that a cracker could read out the data from memory or by deliberately feeding it specific data and attempt to crash it, to get data? Say: a simple ask-for-pass, spit out data, or hardcoded-pass, spit out data program?

In general, what are the chances that the pass can be regenerated with the scriptcode/compiled script and its generated data?
Back to top
Laszlo



Joined: 14 Feb 2005
Posts: 4031
Location: Pittsburgh
PostPosted: Tue Jul 12, 2005 11:20 pm    Post subject: Reply with quote
The good news about cryptographically secure ciphers (like TEA) is that you can publish your script, and as long as the pass-phrase remains secret, nobody can decrypt your messages. All the other stuff is irrelevant, like if your script is compiled or interpreted. If a Trojan key logger gets into your PC, it gets your pass-phrase directly from the keyboard entry, unless you have some HW protection. So try to keep malware away or invest into HW protection. Or be poor, so nothing valuable can be stolen from you. This might be the easiest solution.
Back to top
View user's profile Send private message
Guest
PostPosted: Wed Jul 13, 2005 12:14 am    Post subject: Reply with quote
Ok, then data-leakage remains, and, it has to be hardcoded, for even if we can provide an interface for receiving the pass(phrase) that cannot be read by numerous programs, and we can intercept the keys 'unhooked' (which is practically impossible, for every script can overrule another by (re)setting the hotkeys/strings, this is not per se ahks fault, for its windows built-in also i understood), the moment the pass is processed, it can be attacked in memory
Back to top
Guest
PostPosted: Wed Jul 13, 2005 12:28 am    Post subject: Reply with quote
Hey, one can build a secure and completely open set of suites of cryptography with ahk (which is open), and encrypt the application that handles them with not too many lines of code.

The resulting application... well, let's see if we can read it in memory, the passphrase that is, that would be the test...

ReadProcessMemory / WriteProcessMemory
Back to top
Display posts from previous:   
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum


Powered by phpBB © 2001, 2005 phpBB Group