Encryption

[Rowe]

Wouldn't it be best that you as the owner have complete access to all material, beside their password?

[blunted]

TY for the temp solution, i guess that was 1 feature my members really loved.

so my question is is there any way to port that vb plugin to smf perhaps? use an encryption possibly optional where users must share keys, or would there be any possibility of a pgp type solution?

im trying to secure and make my members happy.

ty

or another option is there a method to encrypt the entire smf database? say being unecrypted on the fly via admin keys?

[Arantor]

Not without completely rewriting it.

Why are you so intent on implementing something that only gives the *illusion* of security, rather than actual security? If it is encrypted it can be unencrypted, and there's no reason why you as the administrator can't do that to your users' data.

Look at it this way, if you told me that you'd encrypted the data but that you couldn't decrypt it yourself, I'd wonder whether it was you lying about it, or you being too incompetent to do it. You won't like that reality, but that's how it is.

[blunted]

my members want it #1
#2 i could not unencrypt it
#3 lets not make any software as all software has flaws
#4 how about writing something constructive?

[Arantor]

1. *shrug*

2. That's only because you don't have the knowledge, not because you physically couldn't. There's also no reason to assume that you won't learn that in the process of working on a forum.

3. All software has flaws. It is the job of the programmers of software (like I do as my day job) to minimise the flaws by good design. Something that gives the impression of security isn't secure, it just looks secure.

4. I have been constructive. Constructive criticism, that is. I'm trying to prevent you from 1) lying to your members about what you think you would be doing and 2) burning cash (because no-one's going to be doing this for free) on something that is broken by design.

But hey, you want to spunk cash on something that is fundamentally pointless, go right ahead.

[blunted]

I offered payment #1
#2 i brought up several methods including allowing users to choose to encrypt with both needing to know the key.

i guess if that's flawed every form of encryption is. please stop trolling my thread

[Colin]

What encryption type are you looking for?

[blunted]

I am honestly open to ideas, the stronger the better of course.
if it could however be something like the vb plugin where it was automatic for simplicity that would be great.

Again i know this isnt gonna be military grade unless its made very hard to use 'unless you know a way :p

[Herman's Mixen]

TY for the temp solution, i guess that was 1 feature my members really loved.

so my question is is there any way to port that vb plugin to smf perhaps? use an encryption possibly optional where users must share keys, or would there be any possibility of a pgp type solution?
another option is there a method to encrypt the entire smf database? say being unecrypted on the fly via admin keys?

In order of security both (VB/SMF) mods use base64 decrypt/encrypt options, MySQL itself uses AES encryption SMF uses SHA-1, SHA-2 i believe there is SHA-3 comming ASAP ..

Algoritmes are breakable just need to understand how it works, ...

what Arantor said is so true ... in my opinion its more a server security setup host side or at your home don't know your situation how you use it...

if ya need a more secure algoritme you have to dig into it, all algoritmes are breakable but its harder to get somewhere...

this are just my 2 cents

[Arantor]

In order of security both (VB/SMF) mods use base64 decrypt/encrypt options, MySQL itself uses AES encryption SMF uses SHA-1, SHA-2 i believe there is SHA-3 comming ASAP ..

base64 is not encryption.

SHA anything is not an encryption cipher, it is a hashing algorithm. Hashing anything makes it not retrievable, which is why you use it for passwords - because you can't recover the original password out of it.

Algoritmes are breakable just need to understand how it works, ...

Not exactly. The details of all of the above algorithms are all published.

if ya need a more secure algoritme you have to dig into it, all algoritmes are breakable but its harder to get somewhere...

Except that by definition the details must be preserved to make it readable again (which lets out SHA anything). If you keep the details, you can decrypt it with minimal effort. It is no more secure than not encrypting it at all.

i guess if that's flawed every form of encryption is. please stop trolling my thread

The only thing that's flawed is your understanding of what you're asking for.

*shrug* What I will tell you is that any of the capable-enough programmers around here will tell you the same thing I have - like several people already have. Good luck.

[Herman's Mixen]

I agree with ya, just what i want to tell was as the VB mod use Base64 also the SMF one use Base64 so both are pointless as an PM crypto...

it maybe looks secure but aint that way...

[Arantor]

See, here's my main objection. If the point is to prevent the OP from accessing PMs, all he has to do is *not go into phpMyAdmin, or if he does, then not go into the main PM table*. It's that simple.

[Herman's Mixen]

or just shutdown the PM system by the permission

[blunted]

My point was i wanted an actual system and all you have done is ****** on my thread. for the last time PLEASE stop trolling!

it shouldnt matter if i want animated bunny rabbits to jump on the screen. im asking for a feature and willing to pay for it.

[Arantor]

And if you wanted something that's comparable to vB's system, one was pointed out to you, complete with a breakdown of why it's pointless. You said yourself you wanted what vB has, there you go, right there, already made.

[blunted]

Actually i did not and they do not appear to be the same again STOP TROLLING!

[Arantor]

Pointing out the truth is not trolling. Explaining why something is so doesn't make it trolling. But since you want me to leave, fine. Just bear in mind that no-one around here with any real coding skill (or a sense of ethics) will listen.

Just a thought for you, would it have made a difference if I had an SMF team member badge? Because I am ex-SMF team, and no, I wasn't kicked out, I resigned.

[blunted]

might wanna rethink that truth, running text from sm plugin through base-64 decoder decodes it.

running it though vb version does not decode it. hmmm doesn't seam the same to me.

but i guess real world examples or the other countless encryption products i have used hell and the military uses dont exist either.

just delete the thread as you obvious have no wish to actually help me.

and btw you kinda lost all cred to me when you said the vb and smf are identical yet 1 encrypts and 1 doesnt

[Arantor]

Please tell me, with links, where I said it was the same. I said they were comparable, in that neither is encryption, they are encoding processes (assuming you mean the one that uses 4 XOR processes, which merely scrambles bits but is completely reversible with little effort, especially since you don't even have to encode a key into it). The fact you can't tell the difference between encryption and encoding is another matter entirely. If you want to lay that claim, check out The Burglar's post where he says that.

I'm not a moderator, I don't have the power to delete a thread. The thing is, the next time this thread comes along, someone else will either point to this one and/or make all the same observations that I have.

EDIT: Reported this to the moderators, maybe one of them will do something about it. I also invited them to issue me with a warning for trolling if they agree (and the team has demonstrated that they're willing to issue me with a warning if appropriate)

[blunted]

i can show you where you said you would leave, yet have you?