Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Citizens are advised not to use encryption as decrypting data takes too much time and is costly.
Please spread awareness and save money.
Thank you for Cooperating, have a nice day :)6 -
Idea: Emoji passwords
Bdixbsufhdbe HEAR ME OUT
I know, I know, emojis belong with teenage girls on Snapchat but there are some theoretical benefits to emoji passwords.
Brute Force attacks are useless! With such a wide range of characters and so many different combinations, they just wouldn't be viable.
Dictionary attacks are less useful! Because those require...words.
They can be easier to remember. Tell a story with your emojis. Images are easier to commit to memory than combinations of letters and numbers.
Users would adopt the feature! For whatever reason, the general population fucking loves these things. So emoji passwords probably won't take very long to see use.
I don't know much about this last one, so I saved it for last, but I would imagine that decryption would be more difficult if the available values is quite vast. I dunno how rainbow tables and hash defucking works so I'll just put this here as a "maybe"
😀35 -
Good fucking lord, Australia is looking at bring Decryption laws in, just when you think the world couldn’t get any closer to destroying itself.
https://itnews.com.au/news/...4 -
Ten Immutable Laws Of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn't practically achievable, online or offline.
Law #10: Technology is not a panacea.3 -
Continuation of https://devrant.com/rants/642962/...
You are the decryption key to my encryption,
No one can access my heart except you.
You are the loop in my life,
I always keep coming back to you.
You are my nodemon,
You are always watching over me.
You are the / to everything I do,
Am nothing without you and I will always preserve you.
You are my increment operator,
You add value to my life.
To be continued 😉3 -
ssh your.server.ip, welcome message:
#Ooops! your files have been encrypted.
#Don't waste your time trying to decrypt them.
#Nobody can.
#We would gladly offer you a way of recovering all
#your files safely, but sadly we lost the decryption
#password.
#Hackers too are not perfect, have a nice day.
#PS. you can still send money to support us if you want at this
#web page: fuckyou.onion.
#Your personal key: m0r0nm0t3fukk3r
(I'll code this one day and install it on somebody machine, it's one of my top dreams)11 -
I think I finally found a reason to have a phone with 8GB of RAM.
So that when TWRP craps out on data decryption and decides not even to ask for a password, at least I can push a whole fucking ROM into RAM to unfuck the phone. Because why not?! Why on Earth would software work properly when you can just throw more hardware at it?
Long live FBE, TWRP what craps out on it, and you remember those things.. SD cards for data storage? I could've used an unencrypted SD card so fucking badly right now, you know... Long live soldered in storage that's encrypted, "for security". Except for when the person who owns said data actually wants to use the bloody data.
FUCK!2 -
Hey everyone, cozyplanes here with another quick excel prank i thought of.
It is called TEEST, and the technique behind is simple, but interesting. Recommend taking a look, and pranking with your friends.
The following is the README of TEEST (Text in Excel Every Single Time) in Github.
You can check the simple project here ( https://github.com/cozyplanes/teest )
Disclaimer: Do not use or modify neither the program or the source code to make software violating the law.
### How do I use it?
1. Head to https://github.com/cozyplanes/teest and download the latest release `EXE` file.
1. Windows may warn you with the missing signature. The file is a DEBUG file, so there isn't a publisher signature. You can proceed downloading anyway since it has been virus checked by the developer.
2. Type the message you want to display in the textbox.
3. Click `Save text` button.
5. To check the file, click `Cancel` button in the opened popup dialog.
### What happens?
When an MS Excel file (`.xlsx`) has been opened, by using TEEST, two files gets opened.
1. The original file user opened
2. Excel file named `message.txt` with the custom message you have written.
`message.txt` excel file will open every single time a person opens a excel file.
*In some older versions of Excel, the message may overlap with the user opened file.*
### Why does this happen?
When MS Excel program is executed, it is programmed to check the files in the following 2 folders.
- `C:\Program Files\Microsoft Office\Office[versionnumber]\XLSTART`
- `C:\Users\%username%\AppData\Roaming\Microsoft\Excel\XLSTART`
In normal conditions, there is no file in those folders (or the folders doesn't exist at all) but when you use TEEST and click `Save text` button, it saves `message.txt` file in the folders above. From MS Excel is executed again, it will find out there is a file in the folders above, so it will show those text files in Excel.
### Where is this technique used?
There should be a lot of software using this trick, but it is widely known for ransomwares such as `GandCrab` and `TeslaCrypt` displaying decryption methods in MS Excel by this trick.
### How can I disable it?
1. Open TEEST again.
2. Click `Save text` button and click `Cancel` in the following popup.
3. Delete `message.txt` file in the opened explorer.
### LICENSE
This software is under the MIT License. Refer to the `LICENSE` file for more information.
### Contact
<cozyplanes@tuta.io>
Spam/Ads not allowed. Please only send questions or concerns about the software. It may take up to 48 hours to get a reply.13 -
I need to encrypt some large files at rest and then decrypt them immediately prior to processing.
App and files are on a Linux system (CentOS). App is in C. Machine is controlled by a third party.
What encryption libraries would you recommend? And, is there any clever way of managing the decryption key beyond compiling it in the code and doing some basic obfuscation?
Are they fancy obfuscation libraries out there, for example?
And, the reason I'm not going to SO (well, one reason) is that I don't want to have 50 answers that tell me that's it's impossible to 100% protect data on a machine you don't control. This I understand---just looking for "best effort" solution.8 -
My IT-teacher has a website. Aside from it looking like from 1980 (which is ok), he has a "security js Mail decryption":
In his page there is a <script> with a simple yet custom de/encrypt function. Then his E-Mail is an <a href="javascript:mailto:function('rubberish173848'>private email</a>. (Or something like that)
You can just run this link (open email app and read it) or use the same function and same href in the browser console and read it. It sounds so stupid.
(Yet I figured out he probably doesn't want bots to spam his mail, so maybe I am stupid)1 -
1) Learning to make Android games with Godot3. Really awesome engine to do this. I was impressed when I found out it can use adb to deploy to my phone directly.
2) A sort of a modular multiplatform backup service with optional on the fly encryption/decryption and available for all devices -
The German Wikipedia article about brute force defines it as "decryption method" 🤔🤔😂
https://de.m.wikipedia.org/wiki/...
2 -
it would help if i had time to learn even a little more C, as I'm bumbling my way through the Linux kernel and GodMode9 (an amazingly powerful 3DS manip tool for everything from the SD card to the NAND to literally raw FIRM0/FIRM1 bootloader access) to try amd patch some code from GM9 into the kernel to handle the SD card *properly* so Linux 3DS doesn't constantly hang when reading/writing to the SD card, to enable Wi-Fi access (same bus location and similar bus structure as SD/NAND access, different processor,) enable NAND decryption and access (yes, really, NAND is encrypted via software, which is... ...fun...) and more.
tl;dr: the 3DS hardware, C, and others' code collectively make me wanna slit my fucking wrists. Hopefully my sacrifice allows higher-level programming languages to be visble for low-level jobs in the future.
4 -
So today I set up an ubuntu server with LVM, encrypted root partition and decryption via usb key.
That shit is insane dude.13 -
DO NOT EXPORT GPG KEYS _TEMPORARILY_ AND ASSUME THAT THEY'LL BE IN THE ORIGINAL LOCATION AFTER EXPORT!
I learnt this lesson the hard way.
I had to use a GPG key from my personal keyring on a different machine ( that I control ). This was a temporary one-time operation so I thought I might be a smart-ass and do the decryption on the fly.
So, the idiotic me directly piped the output : `gpg --export-secret-key | scp ...`. Very cool ( at the time ). Everything worked as expected. I was happy. I went to bed.
In the morning, I had to use the same key on the original machine for the normal purpose I'd use it for and guess what greeted me? - *No secret key*
*me exclaims* : What the actual f**k?!
More than half a day of researching on the internet and various trials-and-errors ( I didn't even do any work for my employer ), I finally gave up trying to retrieve / recover the lost secret key that was never written to a file.
Well, to be fair, it was imported into a temporary keyring on the second machine, but that was deleted immediately after use. Because I *thought* that the original secret key was still in my original keyring.
More idiotic was the fact that I'd been completely ignorant of the option called `--list-secret-keys` even after using GPG for many years now. My test to confirm whether the key was still in place was `--list-keys` which even now lists the user ID. Alas, now without a secret key to do anything meaningful really.
Here I am, with my face in my hands, shaking my head and almost crying.5 -
Had to extend the platform of a customer. For one part of my task (generating an encrypted string) there already was a class with encryption and decryption methods. This class is used in a gazillion places all over the code, so I thought it might be a good idea to re-use already existing stuff... Until I saw that the encryption method using basic Java methods (all fine with that) wrapped in a try-catch block, 'cause the Java methods may throw, returning err.getMessage() in the catch block...
Yeah...sure...makes sense... Instead of throwing an error or returning null just remove the possibility to handle the error.
So I decided to basically copy the methods and return null so I can work with that.
Created a merge request and was told by another dev of that company to remove my own impelemtation of the encryption method and use the already existing. Arguing that I won't have a possibility to prevent my code, that returns an URI containing the encrypted string, from generating something like "http://..../Encryption failed because of null" without success.
So I had to use the already existing crappy code...5 -
void encrypt(...) {
[...]
output.Write(iv);
output.Write(salt);
[...]
}
void decrypt(...) {
[...]
input.Read(salt);
input.Read(iv);
[...]
}
Took me 2 hours to figure out why it kept giving me decryption errors :/3 -
That dude that doesn't really understand the concept of cariables and hardcodes a caesar encryption/decryption.
I have no words for this. 1000+ lines of code -
Noob question
Is it better to implement a cryptpgraphic algo in a function or in a class? Also how?
More info:
I have a cryptography class and I really enjoy implementing the different techniques that we study in class. At first I was just implementing the techniques in a simple function with 3 parameters; key, message and a bool for encryption or decryption. But as they are getting more complex, it is becoming harder to continue implementing them in a single function block. So I thought of using a class but ran into the problem of how do I even do that? Do I make different methods for key generation, encrypting and decrypting?
P.S. It's really just for learning how the crypto technique works and not for anything serious.12 -
So i got another reason to hate windows.
During decrypting bitlocked external hard drive it got disconnected and guess what the partitions didn't showed up in windows and everytime i connected hard drive windows get stuck. I thought the drive and all data of about 300gb is gone. None of the softwares worked (Also tried diskpart to list disks but it got stuck too). After about a week i live booted linux distro and guess what hard drive is working perfectly in linux.
And decryption was also successful without interruption.
Linux never disappoints.2 -
Why does it have to be so hard to watch blu-ray movies on Linux? Either the decryption libraries crash or they freeze the whole system.
I give up, I'm booting Windows now.7 -
Don't you just hate it when there seems to be nothing but in some ways lacking solutions to a definite task in your capability arsenal? Or rather, I don't really know how I should feel about it... I've been developing this solution to receive a 3DES encrypted Azure Service Bus message, decrypting it and chewing the output XML down so as to be digestible to the PHP application whose API the message gets delegated to... but there just seems to be no perfect solution: subscribing to the event topic straight from the target app just... doesn't seem to work properly, a Python implementation.... well, let's just leave it at that... a Node.js implementation would require TS and completely rewriting a proprietary library with 100+ complex types - also, there's some hiccups with both the subscription and the decryption...
I started with an F# implementation (after deeming the PHP one flawed), and it seems it's still the best. But goddamn it I had problems with it on the dotnet core side of thing (decryption output incorrect), so I had to switch to dotnet framework... Now finally everything crucial is peachy, but I can't seem to be able to implement a working serialized domain model pipeline to validate the decrypted message and convert it to something easier to digest for the target application (so that I could use the existing API endpoint instead of writing a new one / heavily modifying the existing implementation and fear breaking something in the process...). I probably could do it in C#, I don't know, but for the love of Linus I'm not going to do it if I can avoid it, when implementing the same functionality I have now without the Dto and Domain type modules would take 3x LoC than the current F# implementation incl. the currently unused modules!
And then there's the problem of deployment... I have no idea what's the best way to deploy a dotnet framework module to an app completely based on MAMP running on a mostly 10yo AWS cloud solution. If I implemented a PHP or Node.js solution, it'd be a piece of cake, but... Phew, I don't know. This is both frustrating, overwhelming and exciting at the same time.7 -
Is there an encryption/decryption algorithm that's guaranteed to have an output of less than 100 chars? Say to encrypt messages less than 50 chars in length4
-
One of our partners sent me a Key Injection Tool to inject encryption keys into a PINPAD with. Looks like they were short on developers and had to hire Python typists who have made a mess of a simple AES encryption/decryption. When do these companies learn that writing a security related software in Python is not really secure? I had to read the rubbish in Python and read it from scratch in C++ to get it to work, and am now contemplating whether to provide that company with my version of their Key Injection Tool or not...2
-
Note to self:
Variadic C++ templates combined with obfuscated combinations of stl containers put you on the right path to be a "compiler message decryption" archmage.
Especially when you use MSCV...
Top Tags
Weekly Rant
View