Decrypt

Back to topics list  | 1 2 To post a new topic, please log in or register
avatar
736
honest_knave 2015.12.23 21:48 #
 

I think I understand what you want, but I can only think of a workaround. And it isn't very elegant.

When you validate the user entered string, run a loop going through all the date permutations you want  (every day, start of each month, whatever), encrypting each one with your key.

Then compare each string with the user entered one.

If you get a match, you know the expiry date. If there is no match at all, the user string is invalid.

 

avatar
37
gatoreyefx 2015.12.23 22:17 #
 
No can do. You need to find another way to do this. You don't have to hardcode anything in your program. Like I said earlier, you can save the encoded dst[] to a file or some other way for later to validate the user input hex string(date) with. This kind of things, you have to give some thoughts and find a right way to do it. Go for the file way. I think that is the best.
avatar
1220
ggekko 2015.12.23 22:37 #
 
honest_knave:

I think I understand what you want, but I can only think of a workaround. And it isn't very elegant.

When you validate the user entered string, run a loop going through all the date permutations you want  (every day, start of each month, whatever), encrypting each one with your key.

Then compare each string with the user entered one.

If you get a match, you know the expiry date. If there is no match at all, the user string is invalid.

 

Yes, I already thought about it. It can work, but as you said, not so elegant. I'd like something more elegant solution.
avatar
1220
ggekko 2015.12.23 22:39 #
 
gatoreyefx:
No can do. You need to find another way to do this. You don't have to hardcode anything in your program. Like I said earlier, you can save the encoded dst[] to a file or some other way for later to validate the user input hex string(date) with. This kind of things, you have to give some thoughts and find a right way to do it. Go for the file way. I think that is the best.
So, do you say I should give that "key" file to the user beside the expert?
avatar
37
gatoreyefx 2015.12.24 01:30 #
 
No. you don't have to tell your user what the key is. You can write a separate program that takes the expiration date and user id as input. This program will do two things:  1)  encodes the expiration date using the user id as a key and writes this encoded dst[] to a TXT file.  2) print dst[] using ArrayToHex. Run this program on the MT4 platform. you are going to put this TXT file where your EA is installed and give the Hex sting to your user so that he can enter it when he runs your EA. Next, you need to modify your EA to accept the user id and the hex string. your EA reads the TXT file you installed and decrypts its content using the user id as the key. Just like you did in the separate program, you will get a hex string of dst[] by calling ArrayToHex. Now, this string is compared to the hex string you accepted on your EA for its validity of run. This way, you can make sure it's secured in both ways. You give your user the TXT file that is unreadable by human and the hex string that is gibberish and unconvertible. The only thing your user can make any sense is the user id you decided on. Just don't tell your user about the file. You can in fact go further with this as far as your imagination goes where nobody can mess with. You can write to any kind of file system, not just TXT.
avatar
1220
ggekko 2015.12.24 10:29 #
 
gatoreyefx:
No. you don't have to tell your user what the key is. You can write a separate program that takes the expiration date and user id as input. This program will do two things:  1)  encodes the expiration date using the user id as a key and writes this encoded dst[] to a TXT file.  2) print dst[] using ArrayToHex. Run this program on the MT4 platform. you are going to put this TXT file where your EA is installed and give the Hex sting to your user so that he can enter it when he runs your EA. Next, you need to modify your EA to accept the user id and the hex string. your EA reads the TXT file you installed and decrypts its content using the user id as the key. Just like you did in the separate program, you will get a hex string of dst[] by calling ArrayToHex. Now, this string is compared to the hex string you accepted on your EA for its validity of run. This way, you can make sure it's secured in both ways. You give your user the TXT file that is unreadable by human and the hex string that is gibberish and unconvertible. The only thing your user can make any sense is the user id you decided on. Just don't tell your user about the file. You can in fact go further with this as far as your imagination goes where nobody can mess with. You can write to any kind of file system, not just TXT.
This is excatly the same as I wrote (expert, key file, and of course hex string). Thank you for your answers, I will think about it.
avatar
736
honest_knave 2015.12.24 11:12 #
 
gatoreyefx:
Just don't tell your user about the file.

I don't profess to be any form of expert on such things, but I'd hazard a guess that providing your end user with the encryption key and relying only on their ignorance of the true purpose of this file would be a major security flaw.

People can get very imaginative when they want to. If I understand the proposition correctly, you're giving them the ingredients but hoping they don't know how to bake a cake.

avatar
37
gatoreyefx 2015.12.25 16:35 #
 
honest_knave:

I don't profess to be any form of expert on such things, but I'd hazard a guess that providing your end user with the encryption key and relying only on their ignorance of the true purpose of this file would be a major security flaw.

People can get very imaginative when they want to. If I understand the proposition correctly, you're giving them the ingredients but hoping they don't know how to bake a cake.

That file as well as the key can be anything. I was simply suggesting a way. You can be creative in how to implement such a thing.
avatar
1220
ggekko 2015.12.27 20:01 #
 

Welcome Mr.WHRoeder, if you are here! I would be curious what is your opinion about this topic.

Is it possible somehow getting back my_string? Or is there any other good solution?

Thank you!

Back to topics list   | 1 2  

To add comments, please log in or register