Encrypted Messaging

originally posted by: whereisdagan
Also you just changed the encryption. It wasn't aes-256 earlier.

I'm in development stages, I've changed things a million times in the past 2 days.

I also added SHA256 verification.

Limiting the number of attempts is in the works

originally posted by: whereisdagan
My next question is: Do you have access to the IV's used? Surely you do. Also, do you mind if I "play" with it for awhile using my tools? Not the encryption but the mechanics of it all?

The same IV is never used twice.

The biggest vulnerability in any secure system is the people. As long as the key is long enough and kept secure there's no worries.

Sure, play with it all you want...keep in mind this is under development and not exactly ready for pentesting or anything, lol

Let me know what you find!

Thx bud! I'll devote all day tomorrow to it. a reply to: MykeNukem

originally posted by: Flyingclaydisk
a reply to: MykeNukem

Well, this will get ya' on a list. LOL!

But I presume you already knew this.

Well, let's just say my government and I have a "special" relationship.

With the advances in quantum computing and A.I not much will be safe.... quantum A.I will laugh at our encryption

All the best

originally posted by: Flyingclaydisk
a reply to: stonerwilliam

There are some forms of comms which are absolutely unbreakable. Not even the biggest, baddest, super-computer running AI on steroids can crack, and never will. It's not easy to use though. Just don't get caught using it unless you want a long-term carnal relationship with a 7.5lb microscope and some guy named Agent Smith.

They notice the people trying to hide ! That is what gets you noticed according to a former member of GCHQ .

My friends and I talk in code for our MJ deals always have just to be on the safe side eg 3 sugars in my coffee gives me plausible deniability all day long ,years ago I used to download a lot and never got any warning but they are not looking for people like me .

I do know a person who sent a innocent text about a car /parts and within hours the police were at his door asking him questions, so only a fool would think that they are not being watched or listened into .

There is a LOT more to the Sam Altman story than people realise , why he was sacked then re-hired .

I would love to remember what I was researching on the computer in 2006 time as my door got kicked in by the police and I got a night in the cells on some baloney warrant and both my house computer and laptop were scrubbed clean ikyn .

In all my years online I am proud to say I have never watched porn or anything shady in that respect but it is obvious I looked into something that pushed a button somewhere .

Mind you my superpower is wondering into things by chance and not realising it at the time and when I go to look for it again it has fallen into the Internet black hole

I stir my coffee 40 times, while I set up a powershell backdoor with my listener. At the end of the day though, I just want a job ^.^ the work is the easy part. Applying for it is the hard part. Psychologically, we are all our own worst enemies.

Thanks for the answers Myke!

Just things an old lady like me would want to know.

originally posted by: chiefsmom
Thanks for the answers Myke!

Just things an old lady like me would want to know.

As long as I get some cookies at some point!

I was being noisy and your WAF banned my IP xD I will continue tomorrow

originally posted by: whereisdagan
I was being noisy and your WAF banned my IP xD I will continue tomorrow

Yes.

I was monitoring your attempt at using command injection...

..commix and FFuF and Spider-Foot - tsk tsk...

Keep trying, lemme know what you find....lol

Those are used for enumeration to different degrees. You missed my christmas tree scan apparently. Command injection was noisy at lvl 3 on the 403 forbidden, don't talk about tools publically or our fun ends. You wouldn't like me to talk about the remote code execution on your outdated exim smtp right? Right.

Also, my mentor used your hosting service ^.^

originally posted by: whereisdagan
Those are used for enumeration to different degrees. You missed my christmas tree scan apparently. Command injection was noisy at lvl 3 on the 403 forbidden, don't talk about tools publically or our fun ends. You wouldn't like me to talk about the remote code execution on your outdated exim smtp right? Right.

Erm, talk about whatever you'd like, lol.

I have nothing malicious to hide, I'm not running any SMTP either, though there may be previous installs.

I was just looking for people to test the website not have a tech-dick measuring contest, lol

Does it pass the secure message test? I think so...

I just realized you can't see my PM's which explains everything I've been doing and trying to tell you privately. The following statements were written before I realized that fact but I don't want to edit following statements because they still ring true albeit they aren't subtle.

So what you're saying is you have a bunch of default unpatched insecure software and no clue what else is running on your own site that could easily lead to a mitm attack and completely intercept your plaintext before it's even encrypted? See, I can be rude too but no one benefits. I'm not trying to have a tech-dick measuring contest with you I've been PMing you this whole time. I'd rather we enjoy each other it's more fun.

One more fun poke at you, maybe you should stop reading notifications off your automated security features that tell you what's going on and claiming you are monitoring yhe footprints im leaving with my python enuneration and pay more attention to your own security because that basic crap isn't going to detect the RCE or the MITM which would indeed best your encryption

Also I'm really sorry if any of what I said sounded rude. I'm just really sassy, at least that's what my husband says. I actually really like you I'm just socially retarded and this is me trying to be your friend

originally posted by: whereisdagan
So what you're saying is you have a bunch of default unpatched insecure software and no clue what else is running on your own site that could easily lead to a mitm attack and completely intercept your plaintext before it's even encrypted? See, I can be rude too but no one benefits. I'm not trying to have a tech-dick measuring contest with you I've been PMing you this whole time. I'd rather we enjoy each other it's more fun.

sigh..

So you can't break the encryption, gotcha

Er... great idea.

But if someone has a keylogger (malware) on their system, the person who put the malware there can read the message, too.

Unless you've somehow managed to keep a keylogger from working.