Boost logo

Boost :

Subject: Re: [boost] [encrypted strings]
From: Sohail Somani (sohail_at_[hidden])
Date: 2009-04-28 01:33:05


Raindog wrote:
> No offense Phil, but the method of string encrpytion you chose will last
> no more than the 15 minutes it takes a hacker to write a script to
> automatically decrypt every string encrypted with the algorithm you
> chose and any other method based on DecryptString(encrypted_string_here).

I don't think so because the string is encoded in the type. It is not a
runtime value.

So if he has encrypted_string<'whatever'> abc; The string "whatever" is
probably not actually part of the executable at all.

If anything, he has a structure that looks something like:

vector<'jungrire'> abc;

Again, the "encrypted" string is part of the type and probably does not
appear in the executable at all.

The cracker would have to figure out at runtime where
abc.decrypt/decipher() is being called and s/he would have to find it
for each type above which I'm sure could be scripted.

I don't know if there is someone who could be given an executable with
this type of protection unknown to him/her and crack it in 15 minutes.

-- 
Sohail Somani
http://uint32t.blogspot.com

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk