rejetto forum

Pass Crypting

casper · 10 · 7505

casper
Pass crypting is very bad!
I saw a program that can take the pass from andrq.ini,
and I saw the source! It's a very simple program!
Simple means the pass crypting is very light! I don't know how to say it in English, but in Russian: 4ut' li ne prostaja zamena!


Spy
Well done :))
What he meant to say is that your password crypting suxx hard.
It's almost a very simple changing act. You should do smth about it :).


rejetto
There is no way to secure the password here.
If I make a harder encryption, they will make a harder decryption; it would be a delay. That's it.
The password encryption is there mainly to prevent people from reading the password by simply opening the text file.

A password saved on a computer makes sense when people don't access your computer.
If other people have access to your computer, then the secure way to save a password is to save only a hash of the password (I think Linux does it).
This is sadly not suitable for our use. &RQ needs to send the entire password to the server. Otherwise the password saving would be useless.

If you need security for your password, simply don't save it.


And when &RQ is open source, the no-key encryption algorithm will be available to anyone. This is not security.


I thought of a way to grant security with all of:
- saved password
- PC accessed by others
- sources open

The solution is to have a double password system.
The &RQ password, of any length, would be saved as a hash, and with this password we can crypt the history and crypt the ICQ password, which is weak, limited to 8 chars.
This is a secure way IMHO.

It is 7 AM here and I didn't sleep yet  |) I hope I said no nonsense


rejetto
I forgot to say that the last method I described would prompt the user for the password at start, because the decryption would require the full password, and the full password is not saved. The hash is only useful for password testing; it is not reversible.

The method is as unhandy as not saving the password and inputting it every time (which you can already do).
It would simply be more secure, but not more handy.
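
The double-password scheme rejetto describes in the two posts above, sketched in Python as an added example (it is not part of the thread and not &RQ code). The function names, the PBKDF2 work factor and the HMAC-based keystream, which is a standard-library stand-in for a vetted authenticated cipher, are all assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256

def _derive(master: str, salt: bytes):
    """Stretch the master password into a verifier and two independent keys."""
    okm = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=96)
    return okm[:32], okm[32:64], okm[64:]   # verifier (the saved "hash"), enc key, mac key

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a real cipher (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(master: str, icq_password: str) -> dict:
    """Build the record that would be written to the settings file."""
    salt, nonce = os.urandom(16), os.urandom(16)
    verifier, enc_key, mac_key = _derive(master, salt)
    plain = icq_password.encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier, "nonce": nonce, "cipher": cipher, "tag": tag}

def unlock(master: str, record: dict):
    """Return the ICQ password, or None if the master is wrong or the record was altered."""
    verifier, enc_key, mac_key = _derive(master, record["salt"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        return None                      # wrong master password: nothing can be decrypted
    expected = hmac.new(mac_key, record["nonce"] + record["cipher"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None                      # stored record was modified
    stream = _keystream(enc_key, record["nonce"], len(record["cipher"]))
    return bytes(a ^ b for a, b in zip(record["cipher"], stream)).decode()

if __name__ == "__main__":
    rec = seal("a long master passphrase", "icqpass8")   # constructed sample values
    print(unlock("a long master passphrase", rec), unlock("guess", rec))
```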


casper
2 Spy: thanks for the translation)
2 rejetto:
Some people don't have the right to access, but have access. And it's a very difficult trouble! :evil:


rejetto
I use Win2000 SP3, an updated antivirus and a firewall, and I'm not afraid of intrusions. What about you?


casper
WinXP SP1
PC-cillin pn:492 (last version)
But I don't have any firewall!
I lose patience with it)


rejetto
My advice is Kerio Personal Firewall, www.kerio.com
It is free, and I like the way it works.
I also installed it at the office where I work.


casper
I try to use it, but I think that a firewall is not for me)
Firewalls are very gluttonous!))


-=DOmen=-
Quote
I try to use it, but I think that a firewall is not for me)
Firewalls are very gluttonous!))

 :lol: