Subject: Re: [boost] [encrypted strings]
From: Raindog (raindog_at_[hidden])
Date: 2009-04-28 23:37:29
Sohail Somani wrote:
> Raindog wrote:
> > No offense Phil, but the method of string encrpytion you chose will last
> > no more than the 15 minutes it takes a hacker to write a script to
> > automatically decrypt every string encrypted with the algorithm you
> > chose and any other method based on DecryptString(encrypted_string_here).
>
> I don't think so because the string is encoded in the type. It is not a
> runtime value.
>
> So if he has encrypted_string<'whatever'> abc; The string "whatever" is
> probably not actually part of the executable at all.
>
> If anything, he has a structure that looks something like:
>
> vector<'jungrire'> abc;
>
> Again, the "encrypted" string is part of the type and probably does not
> appear in the executable at all.
>
> The cracker would have to figure out at runtime where
> abc.decrypt/decipher() is being called and s/he would have to find it
> for each type above which I'm sure could be scripted.
>
> I don't know if there is someone who could be given an executable with
> this type of protection unknown to him/her and crack it in 15 minutes.
>
>
Take it from someone whose job it is to do exactly what you think cannot
be done that it is possible.