I would like to receive the most recent news.
My e-mail is:


Subscribe
FORUM
Forum: Technical questions Back to forum list

Data segment protection by EXECryptor?
Matthew Bragg 24 Nov 2008 10:13:50

My Delphi 6 application retrieves its own updates from my website. The IdFTP component that I am using for the FTP download needs to know my website’s password in order to be able to open the site before downloading the file.

Anyone can use a debugger to find out what my site password is. They just have to step through the program execution until the program defines the password field in the IdFTP structure.

I believe EXECryptor protects the program code from hacking, but is it also able to protect the data segment? If a global variable such as IdFTP.password is defined at some point during execution, can EXECryptor prevent a hacker from seeing it?
#2580
StrongBit Team 27 Nov 2008 13:59:34

Hello,

Firstly we`d like to remind you a password can be hacked without cracking a program but by traffic analyzing entering from FTP.
But if you don`t worry about this you need to use EXECryptor, but not to save it as a “a password” string but to create a password when you need.
There is an example especially for you:
var pswd: string;
.............
pswd:=’p’;
pswd:=pswd+’a’;
pswd:=pswd+’s’;
pswd:=pswd+’s’;
pswd:=pswd+’w’;
pswd:=pswd+’o’;
pswd:=pswd+’r’;
pswd:=pswd+’d’

Thank you for your time

Best regards,
StrongBit Team
#2584
Matthew Bragg 28 Nov 2008 3:48:31

Thanks for the suggestion. I already do something like this so that the password is available only for a short time while the connection is being made, and then set quickly to something else.

I assume that if the hacker steps through the program one instruction at a time, and monitors the IdFTP.password field, he can still find the password at the moment when the site is being opened. I’m not a hacker so I don’t know.

I didn’t know about traffic analyzing. Do you have any suggestion how I can make a program download a file from my http website without revealing the site password to a hacker?
#2585


If you would like to post a question, reply or comment on our general forum you have to be registered. Please register for free and login here

 
Copyright © 1998-2018 StrongBit Technology Terms of Use and Privacy Statement