DonationCoder.com Software > fSekrit

Re: IDEA - encrypted-SFX-EXE to see secret text

<< < (2/2)

f0dder:


Many thanks for fSekrit. Great tool!!!  :Thmbsup:


>feature requests

The author of Ghost_AES (http://free.pages.at/ghost_hunter/crypt.htm) claims ultimate security because he's not storing the password. So if you decrypt using a wrong password, you'll get unuseable data.I like the idea. It sure makes brute force impossible.

If you also like this idea, perhaps you can add a "don't store password" option in future versions of fSekrit.
-wr975 (January 31, 2006, 07:13 AM)
--- End quote ---

I don't store the password anywhere. I do store a hash of the password plaintext, but it is impossible to reconstruct the password from the hash. It's true that storing the hash means you can automate bruteforcing, but bruteforcing a 256-bit key is infeasible, even if you distribute it massively.

Also, even for a solution where you don't store a hash of the password plaintext, statistical analysis could be used instead of hash-checking; this is remarkably effective. There would be some false positives that would need manual checking, but not too many...

So I'll keep storing the hash for convenience :)

wr975:
Thanks for the info!  ;)

f0dder:
I do store a hash of the password
-f0dder
--- End quote ---

Oops!
I mean a hash of the PLAINTEXT, of course! (fixing up the previous post, but posting here as well)

Navigation

[0] Message Index

[*] Previous page