External libraries used:
- Crypt by Deo
- AHK_CNG by jNizm (Hopefully, this will replace Crypt once he has completed the library. I would be using his AES + CBC, but... I'm not sure how exactly it works, or how I would implement it correctly here.)
Best practices when using this library:
Using this library doesn't automatically make your passwords/strings safe. There are a few things you need to take into account:
- Do not use static strings for the PIN. Get the PIN (via prompting the user or otherwise), set the PIN, then erase the variable that held the plain-text PIN. This ensures that a memory leak, hook, etc. won't give out the PIN.
- After you've retrieved the string, use it for what you need, then wipe that variable as well.
- The hash of the PIN is used as the key the strings are encrypted with. The hashed PIN is stored in a generated, temporary key, which is regenerated every time it's used or whenever a new PIN is set. Using SetTimer, one could repeatedly call whichever function uses the key (not saving the return) to constantly change the temporary key.
*Note: if anyone has a better suggestion for PIN keeping, please let me know!
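A model of this PIN-keeping scheme in Python, added here as an illustration and not part of the AutoHotkey library: the key is the SHA-256 hash of the PIN, the caller's PIN buffer is wiped in place, and the stored form of the key is re-randomised (XOR-masked with a fresh random mask) on every access. The masking is an assumed mechanism for the "temporary key"; the post does not say how the library implements it.

```python
import hashlib
import secrets


def derive_key(pin: bytearray) -> bytes:
    """Hash the PIN to make the encryption key (hashlib reads the bytearray
    directly, so no immutable copy of the PIN is created)."""
    return hashlib.sha256(pin).digest()


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place: the 'erase the variable' step.
    An immutable str or bytes cannot be wiped, which is why a bytearray is
    required for the PIN and for retrieved strings."""
    for i in range(len(buf)):
        buf[i] = 0


class PinKeeper:
    """Holds the hashed PIN only in a masked, constantly regenerated form."""

    def __init__(self) -> None:
        self._masked = None   # key XOR mask (assumed 'temporary key' layout)
        self._mask = None     # fresh random bytes after every use

    def set_pin(self, pin: bytearray) -> None:
        if not isinstance(pin, bytearray):
            raise TypeError("pass the PIN as a bytearray so it can be wiped")
        key = derive_key(pin)
        wipe(pin)              # plain-text PIN is gone before we return
        self._store(key)

    def _store(self, key: bytes) -> None:
        # Regenerate the temporary form: new mask, new stored bytes.
        self._mask = secrets.token_bytes(len(key))
        self._masked = bytes(a ^ b for a, b in zip(key, self._mask))

    def get_key(self) -> bytes:
        """Return the real key and immediately re-mask the stored copy,
        so a memory snapshot never shows the same stored bytes twice."""
        if self._masked is None:
            raise RuntimeError("no PIN has been set")
        key = bytes(a ^ b for a, b in zip(self._masked, self._mask))
        self._store(key)
        return key

    def stored_form(self) -> bytes:
        """What a reader of process memory would see (for demonstration)."""
        return self._masked
```

The returned key should itself be used and then dropped promptly, mirroring the advice above about retrieved strings.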
Custom file-type methods