Subject: Re: [boost] [encrypted strings]
From: Raindog (raindog_at_[hidden])
Date: 2009-04-28 23:37:29
Sohail Somani wrote:
> Raindog wrote:
> > No offense Phil, but the method of string encrpytion you chose will last
> > no more than the 15 minutes it takes a hacker to write a script to
> > automatically decrypt every string encrypted with the algorithm you
> > chose and any other method based on DecryptString(encrypted_string_here).
> I don't think so because the string is encoded in the type. It is not a
> runtime value.
> So if he has encrypted_string<'whatever'> abc; The string "whatever" is
> probably not actually part of the executable at all.
> If anything, he has a structure that looks something like:
> vector<'jungrire'> abc;
> Again, the "encrypted" string is part of the type and probably does not
> appear in the executable at all.
> The cracker would have to figure out at runtime where
> abc.decrypt/decipher() is being called and s/he would have to find it
> for each type above which I'm sure could be scripted.
> I don't know if there is someone who could be given an executable with
> this type of protection unknown to him/her and crack it in 15 minutes.
Take it from someone whose job it is to do exactly what you think cannot
be done that it is possible.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk