Update of /cvsroot/activelock/activelock2/test
In directory sc8-pr-cvs1:/tmp/cvs-serv2445
Modified Files:
frmMain.frm modMain.bas
Log Message:
wizzardme2000 found a security breach associated with using md5_hash() function in ALCrypto.dll from the client app.
So I'm switching to using CRC checksum (system API call) as a (hopefully) better alternative.
The MD5 checksum bit inside ActiveLock2.dll is still safe, however, since it is using its own self-contained implementation.
Index: frmMain.frm
===================================================================
RCS file: /cvsroot/activelock/activelock2/test/frmMain.frm,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- frmMain.frm 1 Aug 2003 23:43:31 -0000 1.6
+++ frmMain.frm 2 Aug 2003 07:18:17 -0000 1.7
@@ -301,17 +301,17 @@
Left = 0
Top = 0
Width = 7850
- _ExtentX = 13838
- _ExtentY = 661
- TickerScaleHeight= 21
- TickerScaleWidth= 519
- TickerFontBold = -1 'True
- TickerFontSize = 11.25
- TickerFlash = 0 'False
- TickerPlaySound = 0 'False
- TickerScrollX = 282
- BalloonTipIcon = 0
- BalloonTipText = "No Messages"
+ _extentx = 13838
+ _extenty = 661
+ tickerscaleheight= 21
+ tickerscalewidth= 519
+ tickerfontbold = -1 'True
+ tickerfontsize = 11.25
+ tickerflash = 0 'False
+ tickerplaysound = 0 'False
+ tickerscrollx = 123
+ balloontipicon = 0
+ balloontiptext = "No Messages"
End
End
Begin VB.Frame fraTicker
@@ -491,7 +491,7 @@
Width = 1215
End
Begin VB.Label Label14
- Caption = "ActiveLock's MD5 Checksum:"
+ Caption = "ActiveLock's Checksum:"
Height = 375
Left = 120
TabIndex = 54
Index: modMain.bas
===================================================================
RCS file: /cvsroot/activelock/activelock2/test/modMain.bas,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- modMain.bas 1 Aug 2003 06:15:20 -0000 1.6
+++ modMain.bas 2 Aug 2003 07:18:17 -0000 1.7
@@ -207,8 +207,7 @@
' that you generate your own set of keys to use before deploying your app.
Public Const PRIV_KEY$ = "AAAAgEPRFzhQEF7S91vt2K6kOcEdDDe5BfwNiEL30/+ozTFHc7cZctB8NIlS++ZR//D3AjSMqScjh7xUF/gwvUgGCjiExjj1DF/XWFWnPOCfF8UxYAizCLZ9fdqxb1FRpI5NoW0xxUmvxGjmxKwazIW4P4XVi/+i1Bvh2qQ6ri3whcsNAAAAQQCyWGsbJKO28H2QLYH+enb7ehzwBThqfAeke/Gv1Te95yIAWme71I9aCTTlLsmtIYSk9rNrp3sh9ItD2Re67SE7AAAAQQCAookH1nws1gS2XP9cZTPaZEmFLwuxlSVsLQ5RWmd9cuxpgw5y2gIskbL4c+4oBuj0IDwKtnMrZq7UfV9I5VfVAAAAQQCEnyAuO0ahXH3KhAboop9+tCmRzZInTrDYdMy23xf3PLCLd777dL/Y2Y+zmaH1VO03m6iOog7WLiN4dCL7m+Im"
Public Const PUB_KEY$ = "AAAAB3NzaC1yc2EAAAABJQAAAIBZnXD4IKfrBH25ekwLWQMs5mJuNH7D7U99EKFIsVhKQv17GHxKWvxHv/FwWhI1Rmd8TCiqk4Wmk7H1rh6xdbIVBwDj+RSeiXs8mmQX4/XvaWZx9BIQr5wODWnQCH/tj6Y6In2Xjc2J3B7LSjD60cWDBY/u+z9cSheTHLyhb16zFw=="
-Private Const AL_MD5$ = "f298c67dee092235a533899292721129"
-
+Private Const AL_CRC& = 308603 ' ActiveLock2.dll's CRC checksum to be used for comparison
Public Function Encrypt(strData As String) As String
Dim Key As RSAKey
' create the key from the key blobs
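Review bot: The new `AL_CRC` constant replaces a 128-bit digest with a CRC, which detects accidental corruption but not deliberate modification: a CRC is linear and at most 32 bits wide (`Long`), so a modified ActiveLock2.dll can be adjusted to reproduce the expected value. The same weakness carries into the `crc <> AL_CRC` comparison in the `VerifyActiveLockdll` hunk below. The log message locates the original problem in calling `md5_hash()` through ALCrypto.dll, so the concern appears to be where the hash is computed rather than the strength of the hash. If that is right, a cryptographic digest computed by code linked into the client, or a check of the DLL's Authenticode signature, would address it without weakening the comparison. At minimum the constant's comment should state the limit, e.g. `' CRC detects accidental corruption only; it is not tamper-evident`. The `Encrypt` function that follows continues outside the hunk.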
@@ -238,11 +237,11 @@
' Returns the checksum.
'
Public Function VerifyActiveLockdll(obj As IUnknown) As String
- Dim strMd5 As String
- strMd5 = modActiveLock.MD5HashTypeLib(obj)
- Debug.Print "Hash: " & strMd5
- If strMd5 <> AL_MD5 Then
+ Dim crc As Long
+ crc = modActiveLock.CRCCheckSumTypeLib(obj)
+ Debug.Print "Hash: " & crc
+ If crc <> AL_CRC Then
MsgBox "ActiveLock2.dll has been corrupted. If you were running a real application, it should terminate at this point."
End If
- VerifyActiveLockdll = strMd5
+ VerifyActiveLockdll = CStr(crc)
End Function
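Review bot: `VerifyActiveLockdll` still returns the computed checksum on a mismatch and signals failure only through the `MsgBox`, so a caller that copies this sample gets no value it can branch on. Since the signature is kept, the header comment should say so, e.g. `' NOTE: returns the checksum even when it does not match AL_CRC; the caller must compare and terminate itself.` The `Debug.Print "Hash: " & crc` label is stale now that the value is a CRC; `Debug.Print "Checksum: " & crc` would match the renamed caption in frmMain.frm. `CStr(crc)` on a signed `Long` prints a negative number when the top bit is set, which is worth a word in the comment if the string is shown to users. The function's header comment starts outside the hunk.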