Pass Crypting

casper · **on:** March 21, 2003, 08:54:20 PM

Pass Crypting is very bad!
I saw a program that can take pass from andrq.ini
and i saw source! it's a very simple program!
Simple means pass crypting very light! I don;t no how it say in english? but in russian: 4ut' li ne prostaja zamena!

Spy · **Reply #1 on:** March 22, 2003, 12:35:19 AM

Molodec

)
He meant to say is, that your password crypting suxx hard.
its almost a very simple changing act. You should do smth about it

.

rejetto · **Reply #2 on:** March 22, 2003, 06:17:10 AM

There is no way to secure the password, here.
If i make an harder encryption, they will make an harder decryption, it would be a delay. That's it.
The password encryption is there mainly to prevent people from reading the password simply opening the text file.

A password saved on a computer has sense when people don't access your computer.
If other people has access to your computer, then the secure way to save a password is to save only an HASH of the password (i think linux does it).
This is sadly not suitable for our use. &RQ needs to send the entire password to the server. Otherwise the password saving would be useless.

If you need security for your password, simply don't save it.

And when &RQ will be opensource, the no-key encryption algorithm will be available to anyone. This is not security.

I thought a way to grant security with both
-saved password
-pc accessed by others
-sources open

The solution is to have a double password system.
The &RQ-password, any length, would be saved as an hash, and with this password we can crypt history and crypt the ICQ-password, that is weak, limited to 8 chars.
This is a secure way IMHO.

Here is 7AM and i didn't sleep yet |) i hope i said no nonsense

rejetto · **Reply #3 on:** March 22, 2003, 06:33:16 AM

I forgot to say that the last method i described would prompt the user for password at start. Cause the decryption would require the full password, and the full password is not saved. The hash is only useful for password testing, it is not reversible.

The method is as unhandy as to not save the password and input it every time (that you can already do).
It would simply be more secure, but not more handy.

casper · **Reply #4 on:** March 22, 2003, 08:54:46 AM

2Spy thanks for translation)
2 rejetto
some people don't have right for access, but have access. And it's very difficult trouble! :evil:

rejetto · **Reply #5 on:** March 22, 2003, 06:26:02 PM

I use win2000 sp3, an updated antivirus and a firewall and i'm not afraid about intrusions. What about you?

casper · **Reply #6 on:** March 22, 2003, 08:39:16 PM

WinXP sp1
PC-cillin pn:492(last version)
But i don't have any firewall!
i lose patience with it)

rejetto · **Reply #7 on:** March 23, 2003, 02:26:23 PM

my advice is kerio personal firewall, www.kerio.com
it is free, and i like the way it works.
i installed it also at office where i work.

casper · **Reply #8 on:** March 23, 2003, 04:55:27 PM

I try to use it, but i think that firewall is not for me)
Firewalls are very gluttony!))

-=DOmen=- · **Reply #9 on:** March 07, 2004, 01:06:24 PM

Quote

I try to use it, but i think that firewall is not for me)
Firewalls are very gluttony!))

:lol: