Dear All,
I've been learning about AES encryption and I want to try my hand at using it in AutoIT. However I keep wondering if it really is as easy as using the UDF by Adventurer here.
As Melba23 says here:
The 'relatively easy' remark by Melba23 makes me wonder what the point of the whole exercise is since ultimately what you are doing is leaving the key in the open with the code:
The show is over once a hacker has reversed your AutoIt code and gets the string "ThisIsTheKey".
Is this line of logic correct? Perhaps I'm missing something here? Any help filling in the blanks here with examples is greatly appreciated.
-icu
I've been learning about AES encryption and I want to try my hand at using it in AutoIT. However I keep wondering if it really is as easy as using the UDF by Adventurer here.
As Melba23 says here:
Quote
- Your plain language script is within the compiled .exe, but in compressed form. It is not immediately viewable with a hex editor, but is by no means secure as it is expanded in memory when the .exe is run.
- Obfuscator (part of the full SciTE4AutoIt3 package) will obscure your script by changing variable and constant names (and a lot more!), which makes it harder to decompile but again does not render the .exe secure.
So, compiling an Autoit script will prevent quick snooping, but a determined, experienced hacker can relatively easily get your source - including passwords, specific filenames, etc - or the encryption routines you have used in your script to encrypt/decrypt them if they are stored in another file.
- Obfuscator (part of the full SciTE4AutoIt3 package) will obscure your script by changing variable and constant names (and a lot more!), which makes it harder to decompile but again does not render the .exe secure.
So, compiling an Autoit script will prevent quick snooping, but a determined, experienced hacker can relatively easily get your source - including passwords, specific filenames, etc - or the encryption routines you have used in your script to encrypt/decrypt them if they are stored in another file.
The 'relatively easy' remark by Melba23 makes me wonder what the point of the whole exercise is since ultimately what you are doing is leaving the key in the open with the code:
[ autoit ]
$Key = "ThisIsTheKey"
The show is over once a hacker has reversed your AutoIt code and gets the string "ThisIsTheKey".
Is this line of logic correct? Perhaps I'm missing something here? Any help filling in the blanks here with examples is greatly appreciated.
-icu