Heavy cracker protection required...

merendo

Cheers!

I know this problem has been discussed in the past, but unfortunately that didn't help me a lot.

I have a programme which connects to an FTP server and to a MySQL server to upload some data.

I have slightly encrypted all the passwords stored in the programme and a friend of mine tried to hack it but didn't manage. Instead, he used a sniffer-programme and read the password directly out of the TCP/IP dump.

Now I am looking for a way to transmit a password for the MySQL server in encrypted form and for some help on how to use SFTP.

Has anybody had any experience with SFTP - is it really secure and does it really provide good protection against reading the password using a sniffer?

And is there any way to encrypt the password for MySQL before sending it so intercepting the connection becomes much harder?

Thanx for any help in advance!

merendo
The truth is never confined to a single number - especially scientific truth!
Killswitch

Well you could use my ZPF Encryption library or the RC4 encryption library by Paul (I think). The advantage of ZPF is that a password that is encrypted with the same key twice will not necessarily have the same cipher text - which is handy for throwing off crackers. It does mean, however, that both the client and server need to know the key.

If you're interested I can give you a link?
~I see one problem with your reasoning: the fact is thats not a chicken~
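Added example, not part of the thread and not the ZPF or RC4 library: a minimal challenge-response login in Python showing the two properties mentioned above, that the bytes on the wire differ on every login and that both sides must hold the same key. The `Server` class, `client_response`, `demo` and the sample key are constructed for illustration; a sniffer sees only the nonce and the HMAC, and a captured response is rejected on replay.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret; in the thread's scenario this is the password
# that both the client programme and the server already know.
SHARED_KEY = b"constructed-demo-password"


class Server:
    """Issues single-use challenges and verifies the client's responses."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh random value per login
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:    # unknown or already used: replay
            return False
        self._pending.discard(nonce)      # a challenge is valid only once
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time


def client_response(key: bytes, nonce: bytes) -> bytes:
    """What the client puts on the wire instead of the password."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    server = Server(SHARED_KEY)
    n1 = server.challenge()
    r1 = client_response(SHARED_KEY, n1)
    first_login = server.verify(n1, r1)
    # A sniffer captured (n1, r1). Replaying it against the used nonce fails,
    # and the captured response does not answer a new challenge either.
    replay_same = server.verify(n1, r1)
    n2 = server.challenge()
    replay_new = server.verify(n2, r1)
    r2 = client_response(SHARED_KEY, n2)
    return {"first_login": first_login, "replay_same": replay_same,
            "replay_new": replay_new, "responses_differ": r1 != r2,
            "password_on_wire": SHARED_KEY in (n1 + r1 + n2 + r2)}
```

The shared key still has to live in the client binary, so this addresses the sniffer only, not extraction of the key from the programme itself.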
localmotion34

please realize that protection will only SLOW hackers down if they REALLY want what you have or are encrypting. if what you are doing is desirable enough, or presents enough of a challenge, groups or individuals will crack it just for fun, and then send you an email.

remember, iTunes developed what they thought was an almost uncrackable digital rights management tool, and within a week "MyTunes" was released to remove such protection and even fileshare songs downloaded on secure iTunes networks.

probably the best protection is a monitor of some kind that sends you emails about the status of the server or whatever regularly, and then you checking them just as regularly.

!.WHILE status != dwPassedOut
! Invoke AllocateDrink, dwBeerAmount
!MOV Mug, Beer
!Invoke Drink, Mug, dwBeerAmount
!.endw
dagcrack

hehehe I can think of hacking such monitoring system so it sends the "everything sweet ok alright go sleep don't worry" message all the time to the developer :lol: while they are stealing his licences!! grrr I hate crackers I hate them so much! because they make one lose lots of money. Why don't they just get a damned life :(
merendo

Actually I don't believe that my programme will ever fall into the hands of a seriously evil cracker. The intention is just to make it very hard to crack the programme so that most crackers will stop after a few attempts.

@Killswitch: What you suggested might be of interest to me. A question first: Is it possible to install this ZPF on a MySQL server so that it assumes that it receives any password encrypted?
traumatic

How do you prevent the cracker from bypassing the password transfer?
I don't want to argue about that, just out of curiosity.
Good programmers don't comment their code. It was hard to write, should be hard to read.
thefool

difficult.. only way to stop that is to put in the password manually directly on the server [if you have access], or code it in a very difficult way.