John,
Although probably at least non-trivial, Chipp is probably on to
something here. I don't think Rev script encryption is intended for the
highest possible security. More like enough to keep out anyone who is
*not* an expert.
Is it really critical for your application to store the login
information, including password, on the client machine? That seems like
a weak point of the security regardless of what tool you use. Even
compiled C-code can be hacked, but it's much harder to do if the login
information is stored remotely.
If you must store the password locally, you might look into the merits
of a simple MD5-based solution. That is, compute a hash of the password
and store that.
Finally, you might consider what the other weak points are. For
example, unbreakable encryption will only do you so much good if you
then send the password over an insecure network connection. If someone
can just record and play back your communications, they don't have to
know what's actually in it to break in.
As with all anti-hack measures, it will basically boil down to what is
enough of a deterrent that it's not worth the effort to crack. There
are virtually no unbreakable schemes, it's more a matter of setting the
bar higher than the particular would-be intruder can reach.
HTH
John,
I'm no cryptographer, but I would guess cracking Rev's password
protected code wouldn't be too awfully hard. Mainly this is because
you can expect to find multiple occurrences of strings like "on
mouseUp". I'm not suggesting any novice could crack it, but I imagine
someone with some decent tools and a bit of time could get in.
You could probably get a more learned opinion from Dar Scott or
someone with more cryptography chops than I have.
Just my opinion,
Chipp
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
