ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

encrypted AHK script

<< < (2/2)

argv:
Doesn't matter what you do, if the script is going to send the password somewhere, it can be catched somehow. Sure, you can compile the script - people will just unpack or dump from memory. You can encrypt the password and decrypt it runtime, but that can be dumped from memory as well. There's nothing you can do about it, really :)
-f0dder (January 19, 2010, 03:44 PM)
--- End quote ---

You are right, but remember, locks are for honest people. Just compiling should do the trick for most of the users

f0dder:
You are right, but remember, locks are for honest people. Just compiling should do the trick for most of the users-argv (January 20, 2010, 09:41 AM)
--- End quote ---
True - I just wanted to point out that there's no way to ultimately secure the thing :)

Depending on what the password is for, and where the script might be lying around, this could prove to be a problem or not. Bank or remote system credentials? Oops! For something that's not critical enough that you can live with the password being snooped by somebody very determined, but still critical enough that you don't want people to snoop it, I'd suggest a two-stage approach:

1) keep an encryption key in the Windows protected storage - this key is only available when you're logged in to the system (which does also mean, though, that if as soon as you're logged in, the key could be stolen by malware or while you're away from the computer).
2) have the password in the script encrypted by the key from part #1.

This way, you could even leave your script uncompiled, as nobody would be able to use it without the key in the Protected Storage. You're still vulnerable to sniffing and all that, but at least you've removed a fairly large attack vector.

ljbirns:
You are right, but remember, locks are for honest people. Just compiling should do the trick for most of the users
--- End quote ---

I am sure nobody is trying  hard to hack my computer for  passwords or private info.  I just don't want to make it easy for anyone who might take a look.

f0dder:
You are right, but remember, locks are for honest people. Just compiling should do the trick for most of the users
--- End quote ---

I am sure nobody is trying  hard to hack my computer for  passwords or private info.  I just don't want to make it easy for anyone who might take a look.-ljbirns (January 20, 2010, 11:11 AM)
--- End quote ---
Then simply compiling the script is going to be fine, as long as it's nothing too critical - casual users won't know how to dump process memory, and I dunno if there's any AHK decompilers around :)

ljbirns:
Thanks to everyone. 

Navigation

[0] Message Index

[*] Previous page

Go to full version