DonationCoder.com Software > fSekrit
Re: IDEA - encrypted-SFX-EXE to see secret text
f0dder:
Many thanks for fSekrit. Great tool!!! :Thmbsup:
>feature requests
The author of Ghost_AES (http://free.pages.at/ghost_hunter/crypt.htm) claims ultimate security because he's not storing the password. So if you decrypt using a wrong password, you'll get unuseable data.I like the idea. It sure makes brute force impossible.
If you also like this idea, perhaps you can add a "don't store password" option in future versions of fSekrit.
-wr975 (January 31, 2006, 07:13 AM)
--- End quote ---
I don't store the password anywhere. I do store a hash of the password plaintext, but it is impossible to reconstruct the password from the hash. It's true that storing the hash means you can automate bruteforcing, but bruteforcing a 256-bit key is infeasible, even if you distribute it massively.
Also, even for a solution where you don't store a hash of the password plaintext, statistical analysis could be used instead of hash-checking; this is remarkably effective. There would be some false positives that would need manual checking, but not too many...
So I'll keep storing the hash for convenience :)
wr975:
Thanks for the info! ;)
f0dder:
I do store a hash of the password
-f0dder
--- End quote ---
Oops!
I mean a hash of the PLAINTEXT, of course! (fixing up the previous post, but posting here as well)
Navigation
[0] Message Index
[*] Previous page
Go to full version