mIRC Home    About    Download    Register    News    Help

Print Thread
Passwords Encryption & Proxies #238760 25/08/12 03:10 AM
Joined: Aug 2012
Posts: 12
Z
zeratul Offline OP
Pikka bird
OP Offline
Pikka bird
Z
Joined: Aug 2012
Posts: 12
Hello everyone:) Using mIRC 7.25 right now, pretty green at this things and want to ask:
1. How secure are our passwords stored in script editor, is there way to add more security, one friend told me quote :"It's not very secure since it's not encrypted in any way. Anyone with physical access to your computer could read the file, or anyone that otherwise has access to your mirc-folder, also in case someone tricks you into connecting to a server that impersonates some irc that you enter often, they would get the password".
Is there any way to protect password stored in script editor?
Encryption maybe?
2. Transparent proxies is it secure to connect throw them, if passwords are stored in script editor, (I use transparent http v.1 proxy for faster connection)?
smile

Last edited by zeratul; 25/08/12 03:12 AM.
Re: Passwords Encryption & Proxies [Re: zeratul] #238764 25/08/12 09:01 AM
Joined: Feb 2003
Posts: 3,432
S
sparta Offline
Hoopy frood
Offline
Hoopy frood
S
Joined: Feb 2003
Posts: 3,432
What password are we talking about? If it's your password to a network, then dont store it in any file, use one you remember and type it in every time..


if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
Re: Passwords Encryption & Proxies [Re: sparta] #238768 25/08/12 10:53 AM
Joined: Aug 2012
Posts: 12
Z
zeratul Offline OP
Pikka bird
OP Offline
Pikka bird
Z
Joined: Aug 2012
Posts: 12
Passwords stored in script editor->>remote, i.e. /msg NickServ identify password i have 5-6 passwords for several networks, and its annoying every time i connect, manual to type every single password

Last edited by zeratul; 25/08/12 12:25 PM.
Re: Passwords Encryption & Proxies [Re: zeratul] #238770 25/08/12 01:19 PM
Joined: Feb 2003
Posts: 3,432
S
sparta Offline
Hoopy frood
Offline
Hoopy frood
S
Joined: Feb 2003
Posts: 3,432
maybe make one your self? or try look for something on http://www.mircscripts.org/ , dont know if anything there can do what you looking for.


if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
Re: Passwords Encryption & Proxies [Re: zeratul] #238772 25/08/12 02:23 PM
Joined: Oct 2004
Posts: 8,330
Riamus2 Offline
Hoopy frood
Offline
Hoopy frood
Joined: Oct 2004
Posts: 8,330
If anyone else uses your computer and you care if they can connect using your password, then just enter it each time. If it doesn't matter if they connect using your password, or no one uses your computer, then it doesn't really matter. Just don't use a password that matches important passwords such as passwords to bank accounts. As long as the password is only for the network(s), then it probably doesn't even matter that much if someone else uses it unless they decide to try to get you banned.


Invision Support
#Invision on irc.irchighway.net
Re: Passwords Encryption & Proxies [Re: Riamus2] #238783 26/08/12 11:11 PM
Joined: Aug 2012
Posts: 12
Z
zeratul Offline OP
Pikka bird
OP Offline
Pikka bird
Z
Joined: Aug 2012
Posts: 12
Thanks guys:)

Re: Passwords Encryption & Proxies [Re: zeratul] #238784 27/08/12 03:22 AM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
To answer your questions, since nobody really has:

1. It's not secure to store passwords in your script editor-- however: there's no secure way to store passwords, really. Even if you did encrypt the password, you would have to encrypt it with some kind of key. In other words, guess how you would decrypt the password file? Yep-- another password. And both the encryption password and the encrypted password are stored on the same machine. Kind of useless if someone gains access to your drive, though it could deter some less knowledgeable hackers.

It's also important to note that though it's not secure to store passwords, it's also not secure, in general, to use passwords over IRC anyway. Everything on IRC is sent unencrypted unless you are connected via SSL, and even then, servers will likely not communicate via encrypted channels-- and even *then*, opers can easily gain access to data logs sent to service bots. In other words, even if you securely store your password, it's still easily accessible through different attack vectors-- arguably more likely attack vectors, since a hacking a random IRC user offers much less of a payoff than hacking an IRC server node itself.

2. Absolutely not. Proxies can easily slurp data-- I'd bet a bunch of them already do. Don't send sensitive info across proxies, in general. You should assume that someone is watching you when using these proxies.

So, to summarize: passwords over IRC are insecure period. It's a reality of the protocol-- the solution here is to, as Riamus mentioned, use throwaway passwords that you do not use anywhere else. If someone steals that password, the most they do is steal your IRC nick and possibly a channel or two for a few hours before opers correct the situation. So don't worry too much about it.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: Passwords Encryption & Proxies [Re: argv0] #238796 28/08/12 01:23 PM
Joined: Aug 2012
Posts: 12
Z
zeratul Offline OP
Pikka bird
OP Offline
Pikka bird
Z
Joined: Aug 2012
Posts: 12
Thank you very much fort the help argv0

Re: Passwords Encryption & Proxies [Re: zeratul] #239254 05/10/12 11:52 AM
Joined: Dec 2010
Posts: 23
N
NufSaid Offline
Ameglian cow
Offline
Ameglian cow
N
Joined: Dec 2010
Posts: 23
if your using the same mirc for each network just set up a alias for each or add a button on the mirc toolbar one for each network then just click on the button to identify you
if your using different mirc use the preform box either way you can script it to work like if server = *&%**(^^(*^ /ns identify password
AND use SSl = secure socket layer

Last edited by NufSaid; 05/10/12 11:57 AM.