|
Hmm... the whole security problem is why I haven't used encryption before. Sure, it's not a problem for most users, but if the idea is to be really secure, then I would figure you'd want some way to validate in a fairly secure manner.
The reason I proposed using the date is that it would allow some measure of security. Someone could look in a file and figure out how to make a script that decrypts a kixtart encryption.. but if you go off the script creation date and name then they would have to know that the date and name of their file must match, and although it can be done, it's pretty difficult to spoof a modify date.
Lemme think... hmmmm
I have another idea..
Perhaps when encrypting you could have options:
$rc = $crypto.Encrypt($password,$option)
$option could be:
1 - encrypt including modified date of file which would effectively do:
$encpass = $crypto.Encrypt($password + @date)
and $crypto.Decrypt($password,1) would check the modified date of the .kix file being run and effectively do $password = $crypto.Decrypt($encpass + $dateofkixfile)
2 - decrypt to run only from a script found on a domain controller in the domain the script is run from.
Decryption would only work if the script existed in a netlogon share on a domain controller in the given domain. This could be tested pretty easily.
3 - decrypt to run only from a script found on the given @wksta
4 - decrypt to run only from a script started via a logon process.
Brian
[ 31 May 2002, 21:31: Message edited by: BrianTX ]
| 
