Encryption | |
Map editor calculates MD5- and SHA1-fingerprints from your password. This can be done in only one direction. It isn't possible to uncover the original password (only with brute force). The SHA1-fingerprint is 20 bytes long and is stored in the map-file. SHA1 is used only to check the password. We need the MD5-fingerprint to generate a 16 byte key. Next, we generate 15 new fingerprints - every time from the last used fingerprint. This way, we get a 256 byte long key. The map file should be XORed with this key (result = byte XOR key). After the last (256th) character, you use the first character again (rotation). The following code (written in BlitzBasic) generates the encryption-table:
|
|
Limitations | |
1) The map loader decrypts the file to a temp-directory, but you can modify the source and decrypt maps directly to memory. 2) It is possible for someone to read your password from the EXE-file. Please use an algorithm to generate the password at runtime. |