
Heavy cracker protection required...

Posted: Mon May 16, 2005 12:32 pm
by merendo
Cheers!

I know this problem has been discussed in the past, but unfortunately that didn't help me a lot.

I have a programme which connects to an ftp-server and to a MySQL-server to upload some data.

I have slightly encrypted all the passwords stored in the programme and a friend of mine tried to hack it but didn't manage. Instead, he used a sniffer-programme and read the password directly out of the TCP/IP dump.

Now I am looking for a way to transmit a password for the MySQL server in encrypted form and for some help with how to use SFTP.

Has anybody had any experience with SFTP - is it really secure and does it really provide good protection against reading the password using a sniffer?

And is there any way to encrypt the password for MySQL before sending it so intercepting the connection becomes much harder?

Thanx for any help in advance!

merendo

Posted: Mon May 16, 2005 8:51 pm
by Killswitch
Well you could use my ZPF Encryption library or the RC4 encryption library by Paul (I think). The advantage of ZPF is that a password that is encrypted with the same key twice will not necessarily have the same cipher text - which is handy for throwing off crackers. It does mean, however, that both the client and server need to know the key.

If you're interested I can give you a link?
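An added example, not part of any post in this thread and not the ZPF or RC4 library mentioned above: one generic way to get the two properties discussed (a shared key on both sides, different bytes on the wire each time) is an HMAC challenge-response, sketched here with hypothetical names and a constructed key. It shows that a sniffed exchange cannot simply be replayed.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret; both sides must hold it, as the post above notes.
SHARED_KEY = b"constructed-demo-secret"


class Server:
    """Issues one-time challenges and verifies responses (hypothetical names)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is valid once only: discard it before checking so a
        # sniffed (challenge, response) pair cannot be replayed later.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(key: bytes, challenge: bytes) -> bytes:
    """What the client sends: a keyed MAC over the challenge, never the key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    server = Server(SHARED_KEY)
    c1 = server.new_challenge()
    r1 = client_response(SHARED_KEY, c1)      # this pair is what a sniffer sees
    first_login = server.verify(c1, r1)
    replay_same = server.verify(c1, r1)       # the captured pair sent again
    c2 = server.new_challenge()
    replay_new = server.verify(c2, r1)        # old response, fresh challenge
    r2 = client_response(SHARED_KEY, c2)
    return {"first_login": first_login, "replay_same": replay_same,
            "replay_new": replay_new, "responses_differ": r1 != r2,
            "key_on_wire": SHARED_KEY in c1 + r1 + c2 + r2}


if __name__ == "__main__":
    print(demo())
```

This only covers the secret in transit; the key still has to live inside the client programme, where it can be extracted.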

Posted: Tue May 17, 2005 2:38 am
by localmotion34
please realize that protection will only SLOW hackers down if they REALLY want what you have or are encrypting. if what you are doing is desirable enough, or presents enough of a challenge, groups or individuals will crack it just for fun, and then send you an email.

remember, iTunes developed what they thought was an almost uncrackable digital rights management tool, and within a week "MyTunes" was released to remove such protection and even fileshare songs downloaded on secure iTunes networks.

probably the best protection is a monitor of some kind that sends you emails about the status of the server or whatever regularly, and then you checking them just as regularly.

Posted: Tue May 17, 2005 3:46 am
by dagcrack
hehehe I can think of hacking such monitoring system so it sends the "everything sweet ok alright go sleep don't worry" message all the time to the developer :lol: while they are stealing his licences!! grrr I hate crackers I hate them so much! because they make one lose lots of money. Why don't they just get a damned life :(

Posted: Thu May 19, 2005 5:59 pm
by merendo
Actually I don't believe that my programme will ever fall into the hands of a seriously evil cracker. The intention is just to make it very hard to crack the programme so that most crackers will stop after a few attempts.

@Killswitch: What you suggested might be of interest to me. A question first: Is it possible to install this ZPF on a MySQL server so that it assumes that it receives any password encrypted?

Posted: Thu May 19, 2005 6:03 pm
by traumatic
How do you prevent the cracker from bypassing the password transfer?
I don't want to argue about that, just out of curiosity.

Posted: Thu May 19, 2005 6:11 pm
by thefool
difficult.. only way to stop that is to put in the password manually directly on the server [if you have access], or code it in a very difficult way.