encrypt the ini file


4 replies to this topic
bail0ut
  • Members
  • 11 posts
  • Last active: Mar 29 2007 11:52 PM
  • Joined: 24 Jul 2006
I am looking for a way to encrypt my autohotkey.ini file. I have several of my passwords written into the script which loads when I start Windows.

I know that I can create another script which will do this, but ideally I would like to start the program, have it load the ini and then encrypt itself. Once I shut down Windows (or manually), it should decrypt the file so that it can be loaded the next time I start up.

Any help would be appreciated

Thanks

bail0ut

Conquer
  • Members
  • 385 posts
  • Last active: Jan 10 2013 02:14 AM
  • Joined: 27 Jun 2006
If you want something encrypted, ask Laszlo. PM him or wait until he finds the topic.

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
There are some encryption/decryption algorithms in this forum. You can use them to create an extra file that holds the sensitive data. The AHK.ini I would leave as it is and read the password file and decrypt it when loading. But you will then have the passwords decrypted in memory. There is no way around that, as far as I read.
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

Laszlo
  • Moderators
  • 4713 posts
  • Last active: Mar 31 2012 03:17 AM
  • Joined: 14 Feb 2005
I am not sure I understand the purpose. If you have your pwd.ini file in the encrypted My Documents folder, nobody can read it until he logs in with the correct Windows username and password. After that the file is available to anyone who can read the disk (virus, colleague at lunch time, etc.). If this pwd.ini file is read into memory, and it gets encrypted on disk, no disk reading attacks get the passwords. Before shutdown you want to decrypt the file on disk, because it is safe after log off.

However, there are still weaknesses.
- Memory is not protected, where passwords are in the clear.
- Memory gets swapped to disk when the physical limit is reached, so low level memory locks are necessary, otherwise the swap file tells your passwords.
- You need to store the key encrypting the pwd.ini file somewhere. If you enter it (or derive it from a password), it has to be long and complicated to prevent dictionary attacks, so you don't gain much. If you store it in a file, an attacker can find it.
- Files are not erased by the OS, just marked as deleted, and a new copy is created. Extra care is needed to overwrite the unencrypted file with garbage.

It looks simpler to keep the pwd.ini file encrypted all the time, and only decrypt the desired password when it is needed, and delete it from memory afterwards. For convenience, you want to keep the decryption key in memory, but in a non-swappable block. Do you really want to deal with all this trouble, or use a good, free password management utility?
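
Added example (not part of Laszlo's post or of any script from this thread): a Python sketch of the "keep pwd.ini encrypted all the time, decrypt only the desired password" design, with the key stretched from a master password so dictionary guesses are slow. The function names, the `meta`/`passwords` section layout, the round count and the HMAC-based stand-in cipher are all assumptions made for illustration; memory locking against swapping is not covered.

```python
import configparser, hashlib, hmac, io, os

ROUNDS = 200_000  # PBKDF2 work factor (assumed value): makes each password guess costly

def derive_keys(password, salt):
    km = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ROUNDS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use a vetted AEAD in real code.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return out

def _tag(mac_key, name, nonce, ct):
    # Hashing the entry name first binds the ciphertext to its INI key unambiguously.
    msg = hashlib.sha256(name.encode()).digest() + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def build_ini(password, entries):
    """Return pwd.ini text in which every value is encrypted separately."""
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ini = configparser.ConfigParser(interpolation=None)
    ini["meta"] = {"salt": salt.hex()}
    ini["passwords"] = {}
    for name, secret in entries.items():
        nonce = os.urandom(16)
        ct = bytes(_xor_stream(enc_key, nonce, secret.encode()))
        ini["passwords"][name] = (nonce + ct + _tag(mac_key, name, nonce, ct)).hex()
    buf = io.StringIO()
    ini.write(buf)
    return buf.getvalue()

def fetch(ini_text, password, name):
    """Decrypt only the requested entry; the caller wipes the returned bytearray."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read_string(ini_text)
    enc_key, mac_key = derive_keys(password, bytes.fromhex(ini["meta"]["salt"]))
    blob = bytes.fromhex(ini["passwords"][name])
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, name, nonce, ct)):
        raise ValueError("wrong master password or modified entry")
    return _xor_stream(enc_key, nonce, ct)

def wipe(buf):
    """Best-effort: zero the plaintext buffer (does not stop swapping or str copies)."""
    buf[:] = bytes(len(buf))
```

The file on disk never holds plaintext, so nothing has to be decrypted at shutdown or overwritten with garbage; the master password string and derived keys still live in process memory while the script runs.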

bail0ut
  • Members
  • 11 posts
  • Last active: Mar 29 2007 11:52 PM
  • Joined: 24 Jul 2006
Thanks for the suggestions, all - I think I will try the 2 file approach.

Most of this work is just to become more comfortable with the tool. It is a great program and while I have read most of the documentation there is nothing like a lot of practice to get proficient.

thanks

bail0ut