mIRC Home    About    Download    Register    News    Help

Print Thread
$encode problems #28956 10/06/03 02:01 AM
Joined: Jun 2003
Posts: 10
D
Doomflame Offline OP
Pikka bird
OP Offline
Pikka bird
D
Joined: Jun 2003
Posts: 10
I would like to use the $encode function in some of my scripts (to be released publicly) to hide passwords, But I notice that sometimes the output contains characters that generate errors ( Example : ( ) and , ) so i cannot decode it.

Also I would like to make it a little more secure, so the person couldn't just type in $decode(Encoded Text String) and find out passwords. Is there any way to do this?

Re: $encode problems #28957 10/06/03 02:28 AM
Joined: Dec 2002
Posts: 271
N
NightChillz Offline
Fjord artisan
Offline
Fjord artisan
N
Joined: Dec 2002
Posts: 271
Code:
 [color:blue] 


//echo -a $encode(hello there peoples....how ya all doing today? lol)
 [/color] 


Returns:

 [color:blue] 
M:&5L;&\@=&AE<F4@<&5O<&QE<RXN+BYH;W<@>6$@86QL(&1O:6YG('1O9&%Y%/R!L;VP`
[/color] 

 [color:red] 

//var %a = M:&5L;&\@=&AE<F4@<&5O<&QE<RXN+BYH;W<@>6$@86QL(&1O:6YG('1O9&%Y%/R!L;VP` | echo -a $decode(%a)
[/color] 

Returns:

 
[color:red]
hello there peoples....how ya all doing today? lol
 [/color] 



thats to answer your first question, now as for your second comment, dunno if there ia any really secure way of doing something like that, only way i could think of that would work the best would be to make your own encode and decode aliases..... for example:

Code:
[color:green]
alias my.encode {
  var %a = $1-, %b = 1, %final
  while ($gettok(%a,%b,32)) {
    var %c = $ifmatch, %d = 1, %match
    while ($mid(%c,%d,1) != $null) {
      %match = %match $+ $replace($ifmatch,$ifmatch,$chr($calc($asc($ifmatch) - 10)))
      inc %d
    }
    %final = $+(%final,$chr(1),%match)
    inc %b
  }
  return $right(%final,-1)
}
alias my.decode {
  var %a = $1-, %b = 1, %final
  while ($gettok(%a,%b,1)) {
    var %c = $ifmatch, %d = 1, %match
    while ($mid(%c,%d,1) != $null) {
      %match = %match $+ $replace($ifmatch,$ifmatch,$chr($calc($asc($ifmatch) + 10)))
      inc %d
    }
    %final = %final %match
    inc %b
  }
  return %final
}
[/color]



something like that, now if i type //echo -a $my.encode(blah blah blah blah boo hoo does it work)

i get an echo of:

XbW^XbW^XbW^XbW^Xee^eeZe[i_jmeha

then if i type //var %a = XbW^XbW^XbW^XbW^Xee^eeZe[i_jmeha | echo -a $my.decode(%a)

i get an echo of:

blah blah blah blah boo hoo does it work


so you can see the posibilities....

hope that helps a little

Re: $encode problems #28958 10/06/03 05:47 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
$encode is NOT meant to hide passwords. So no, there is no way to make it more secure. What I would suggest you do is something like this:

set %password $md5(the_password_the_user_set)

Then when someone enters the password, like /msg nick login mypass

You do if (%password == $md5(what_the_user_just_entered)) {
; the correct password was entered
}

MD5 is a one-way-hash meaning if you have the output of $md5, there is virtually NO way to get the original password.

Re: $encode problems #28959 10/06/03 06:08 PM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
i always wondered what md5 was.. now I know >:D Yea, *virtually* no way--heh unless you have lc4 >:D


-KingTomato
Re: $encode problems #28960 10/06/03 07:24 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
LC4 (nor any other publically known password retreiving software) can do nothing to crack an MD5 hash. There are attacks against MD5 that can make it take not too long (in crypto terms) to crack such as differential cryptanalysis (the T-attack), but no one has yet devised a feasible attack using this against MD5 (at least not to my knowledge). The "easiest" known method would be the birthday attack which can bring it down to roughly 500,000 years. There are probably other attacks that can bring it down further (plus the faster the machine the faster the cracking, i.e. an NSA cryptanalysis computer could do it much faster than the times I'm quoting). But in any case, unless your goal is to use MD5 to prevent anyone (general people, military and intelligence angencies, etc) from getting at your password MD5 is fine. Perhaps in the future mIRC could add support for SHA1 or RIPEMD160 which provides signifigantly stronger hashing abilities.


Re: $encode problems #28961 10/06/03 07:30 PM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
yes, but knowing the algorithm the program took to get there, would be half the battle. I mean, if mirc has it its either a library of windows, or a replicate or the function/class/program itself, correct?


-KingTomato
Re: $encode problems #28962 10/06/03 08:56 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Well the thing is though, MD5 is one way
it means

MD5(a) = b

But there is no function MD5-1 such that:

MD5-1(b) = a.

Meaning given the end result, there is no way to get the original input, at least not with the math that we currently have.

Re: $encode problems #28963 10/06/03 09:54 PM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
so even if you do the reverse to get where you got, ti still wouldn't come out right?

i.e.

alias enc { return $chr($calc(($asc($1) * 2) + 3)) }
$enc(a) =
alias dec { return $chr($calc(($asc($1) - 3) / 2)) }
$dec() = a


-KingTomato
Re: $encode problems #28964 10/06/03 09:56 PM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
In addition to that, what about a dictionary attack that takes a word, doe $md5() on it, and then a match--rather than to try to decrypt the hash?


-KingTomato
Re: $encode problems #28965 10/06/03 10:18 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Well of course a dictionary attack "could" work, but you'd be assuming the password is in some dictionary, if the original plaintext was "42379fjsdrw3r47&$*@843" chances are, a dictionary attack is going to be useless.

Re: $encode problems #28966 10/06/03 10:53 PM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
Well i mean, the tradition methods are still kind of possible, just there is an added step--that being to hash the result.


-KingTomato