Your strings are not safe!!!

TheBeck · Post by **TheBeck** » Thu Sep 16, 2004 6:14 am

Someone could just use a hex editor and put their own md5 into your exe in place of the original. Just about anything you do can be easily circumvented by a skilled cracker. But we all know this.

PB · Post by PB » Thu Sep 16, 2004 11:51 am

> MD5 [...] is CERTAINLY suitable for turning your strings unrecognizable
> sections of code

Not really... how? All it does is return a signature from text. It cannot
recreate the text from the signature. You need RC4 encryption for that.

J. Baker · Post by **J. Baker** » Thu Sep 16, 2004 2:31 pm

In RC4 does key$ get encoded and decoded as well?

PB · Post by PB » Thu Sep 16, 2004 9:44 pm

> In RC4 does key$ get encoded and decoded as well?

RC4 doesn't include the password/key in the encryption. You need to supply
it separately. This means the user can type it in (instead of having the key
stored on disk) and the encrypted string can be recreated from it. See:

Code: Select all

; This example uses Paul's RC4 lib.
Debug CryptString("StringToBeEncrypted",pw$)
Debug DecryptString("AC814A672259E0C12334EE125139D616A964C200",pw$)

In both lines, pw$ = the password that the user supplies, such as from an
InputRequester. The second line is "StringToBeEncrypted" in encrypted
format, which as you can see is different to MD5 encryption which is just
a signature of the string, rather than the string itself.

thefool · Post by **thefool** » Thu Sep 16, 2004 10:02 pm

MD5 is not defined as encryption, but as a hashing algorithm. It creates a hash of the string you give to it. While it has been cracked, i belive its very secure still, if you use it correctly not letting user just put another md5 in there. So encrypt the hash string or something like that.

J. Baker · Post by **J. Baker** » Fri Sep 17, 2004 3:03 am

Thanks PB, now I understand and it works for what I need it for.

PureBasic Forums - English

Your strings are not safe!!!

Re: MD5 is ok for casual encryption