Someone who can help me test my password manager?
Hello, I wrote a password manager that stores a domain's name, the username and password and encrypts them. Does anybody know where I can maybe test how secure it is? Is there anybody on this forum who can maybe try and crack it? Thanks for any help in advance.
EDIT: I can attach the source code but its 500+ lines long
EDIT: I can attach the source code but its 500+ lines long
Last edited on
I don't think that someone will test it for you, since it's requires a lot of work...
So test it yourself. Answer following questions:
What happens if
- the file is empty
- the file contains invalid data (most important)
- error while reading the file
- error while writing the file
- the file is extremely large
- another instance of you program is running
- the file data is damage (i.e. parts are missing)
So test it yourself. Answer following questions:
What happens if
- the file is empty
- the file contains invalid data (most important)
- error while reading the file
- error while writing the file
- the file is extremely large
- another instance of you program is running
- the file data is damage (i.e. parts are missing)
| I can attach the source code but its 500+ lines long |
Sending the source code makes the job easy since we can look at the code and work out what and how your encrypting etc.
What you want to test is a real world scenario where a reverser steps your compiled code and attempts to break the encryption to read the data, and/or cracks the application.
I'll take a look, stick the application and a example datafile in dropbox - I am not interested in the source code as this makes my life easy and will give you some feedback on its protection.
@ OP: Not to ruin Softrix's fun here, but another critical security test you should run is to see if there is any component of your hash that can be pulled with strings.exe from the SysInternals suite, or it's *nix counterpart.
@coder777 Thanks I'll run those tests
@Computergeek01 I'm not sure exactly how SysInternals's software work but I'll look it up thanks for the heads up. EDIT: sorry confused this with something else, thanks for the find!
Here is the Onedrive link, I uploaded the exe, a dummy profile file and the source code:
https://onedrive.live.com/redir?resid=FA129B46CBE2B460!1038&authkey=!AFVk9gN6AtBv7v0&ithint=folder%2c
@Computergeek01 I'm not sure exactly how SysInternals's software work but I'll look it up thanks for the heads up. EDIT: sorry confused this with something else, thanks for the find!
Here is the Onedrive link, I uploaded the exe, a dummy profile file and the source code:
https://onedrive.live.com/redir?resid=FA129B46CBE2B460!1038&authkey=!AFVk9gN6AtBv7v0&ithint=folder%2c
Last edited on
Bump! I ran the tests that coder777 suggested and I didn't get any problems (If the data is invalid or some parts are missing it just decrypts that as well as some junk text, but it doesn't crash the program or something like that.). Anyone have some suggestions to help improve the security?
I've just downloaded the exe etc., will have a peek over the weekend when I have more time.
Topic archived. No new replies allowed.