vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=140064

PMCrypt - Private Message Encryption
by magnus
21 Feb 2007 19:06

3 Attachment(s)
Keywords: Private, Message, PM, Encrypt, Encode, Security

Description:
Encrypts Private Messages within the MySQL database. Allows for on-the-fly decryption without the need for a shared key.


Details:
This hack will encrypt sent messages within your MySQL database. No longer will they be viewable in plaintext, thus affording your members a little more security with their private correspondance.

Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.

The messages are encrypted using a method developed and credited to AITOR SOLOZABAL MERIN by where text is encrypted/decrypted using a simple but powerful XOR method without a known key. Implicitly, the key is defined by the string itself in a character by character way. There are 4 items to compose the unknown key for the character in the algorithim:
  1. The ascii code of every character of the string itself
  2. The position in the string of the character to encrypt
  3. The length of the string that include the character
  4. Any special formula added by the programmer to the algorithm to calculate the key to use
This product does not explicitly rely on any vBulletin functions, thus there should not be any problems with future upgrades, etc.

This product was developed by request of FGENETICS and DOOGIE88.


Installation:
1. Download and import the product-pmcrypt1.1.0.xml file via the Product Manager.

2. Enable the product via the AdminCP (vBulletin Options > Private Message Encryption)

3. ???

4. Profit


Version History:
v1.0.0 - Initial Release
v1.0.1 - Fixed bug when replying to an encrypted message.
v1.1.0 - Fixed issue with reply and preview. Encapsulated encryption within base64_encode(); for storage. Smilies no longer run risk of breaking encryption.

* Once enabled, all PM's sent thereafter will be encrypted. This means that should you choose to disable and/or uninstall the product, said PM's will remain encrypted -- rendering them unreadable.

* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!

magnus 21 Feb 2007 19:06

Reserved.

Stoebi 21 Feb 2007 19:50

Hi,

where is the file? ;)

Surviver 21 Feb 2007 19:51

Wow, very nice :) I'll klick instal if you upload the file :P

projectego 21 Feb 2007 19:53

Sounds very interesting. I'll also click install once the file has been uploaded. ;)

magnus 21 Feb 2007 20:40

Durr.. it helps if actually upload the product. Woops!

/embarass

ZomgStuff 21 Feb 2007 23:08

A lot of potential! Thanks!

Reserved!

Lionel 21 Feb 2007 23:25

Nice! How does it work? Is it decipharable only by the recipient?

doogie88 22 Feb 2007 00:14

Thank you very much.
One question though, is there anything that will notify me if it worked or not?
Because I enabled it, the Admin CP options are there, but I tested with a message, and it is just like a normal message.
Thanks.

** okay it seems to be working, because when you 'reply' you see the encrypted message.
However, the one downfall is when you reply, and the original sender gets the original message back, after the receiver read it, the original quoted message is encrypted.
Anyway to fix that?

magnus 22 Feb 2007 00:42

I'll take a look at it, should be a simple fix.

magnus 22 Feb 2007 01:36

Ok, updated. Fixed the reply bug, however I did run into an issue with smilies during replies. You may want to check the "disable smilies" when replying for the time being, I'll devise a fix for that tomorrow.

doogie88 22 Feb 2007 01:48

What do I need to do to upgrade it? Uninstall it and re-install?

magnus 22 Feb 2007 02:35

You can just install the new version over the old one, just select "Allow Overwrite" on the Product Import page.

doogie88 22 Feb 2007 03:40

Very buggy, having a lot of problems with it.
Most messages aren't being decrypted.

magnus 22 Feb 2007 11:13

If you encrypted messages with 1.0, uninstalled, then installed 1.1 -- that would happen. By uninstalling you remove the added 'encrypt' row to the 'pmtext' table. When you re-install, the 'encrypt' row is added but without the correct integer for the previously encrypted messages. So when viewing those earlier encrypted messages, the decryption engine doesn't know to decrypt them.

I've installed, upgraded, uninstalled, reinstalled, reupgraded, etc.. about a dozen times, and each time the encryption/decryption works fine. The only problem, that I'm aware of currently, is occasionally the encryption text will contain a smiley bbcode (ie. :) ), thus preventing the message from being DEcrypted.

So, until that bug is fixed I would recommend checking "Disable smilies" when sending PM's. Also, keep in mind that this is still Beta, as noted in the original post.

Once I get into my office this morning, I'll go through the code. It was late last night, so God knows.


All times are GMT. The time now is 09:00.

Powered by vBulletin® Version 3.8.14
Copyright © 2020, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.