Page 2 of 2
Posted: Thu Sep 16, 2004 6:14 am
by TheBeck
Someone could just use a hex editor and put their own md5 into your exe in place of the original. Just about anything you do can be easily circumvented by a skilled cracker. But we all know this.
Re: MD5 is ok for casual encryption
Posted: Thu Sep 16, 2004 11:51 am
by PB
> MD5 [...] is CERTAINLY suitable for turning your strings unrecognizable
> sections of code
Not really... how? All it does is return a signature from text. It cannot
recreate the text from the signature. You need RC4 encryption for that.
Posted: Thu Sep 16, 2004 2:31 pm
by J. Baker
In RC4 does key$ get encoded and decoded as well?
Posted: Thu Sep 16, 2004 9:44 pm
by PB
> In RC4 does key$ get encoded and decoded as well?
RC4 doesn't include the password/key in the encryption. You need to supply
it separately. This means the user can type it in (instead of having the key
stored on disk) and the encrypted string can be recreated from it. See:
Code: Select all
; This example uses Paul's RC4 lib.
Debug CryptString("StringToBeEncrypted",pw$)
Debug DecryptString("AC814A672259E0C12334EE125139D616A964C200",pw$)
In both lines, pw$ = the password that the user supplies, such as from an
InputRequester. The second line is "StringToBeEncrypted" in encrypted
format, which as you can see is different to MD5 encryption which is just
a signature of the string, rather than the string itself.
Posted: Thu Sep 16, 2004 10:02 pm
by thefool
MD5 is not defined as encryption, but as a hashing algorithm. It creates a hash of the string you give to it. While it has been cracked, i belive its very secure still, if you use it correctly not letting user just put another md5 in there. So encrypt the hash string or something like that.
Posted: Fri Sep 17, 2004 3:03 am
by J. Baker
Thanks PB, now I understand and it works for what I need it for.
