• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

[BetterDiscord] Encrypted Text

Bluscream

Former Team
Contributor
#1
Name: Encrypted Text
Description: Allows you to send encrypted text messages.
Author: EhsanKia, Bluscream, confuseh
Download:
You do not have permission to view link Log in or register now.

Source:
You do not have permission to view link Log in or register now.

Documentation:
You do not have permission to view link Log in or register now.

Installation:
  1. If you don't already have it, download and install Discord.
  2. If you don't already have it, download and install BetterDiscord.
  3. Save the EncryptedText.plugin.js under "%appdata%\BetterDiscord\plugins\EncryptedText.plugin.js".


 

Derp

Developer
Contributor
#2
1- Base64 is not a HASH Algorithm, It's an encoding one
2- How is the encryption the key being transmitted to the recipient?
3- You're using a managed AES Implementation library! Which by default uses AES CBC Mode... Keep that in mind, you'll need it in case you decide to decrypt that message outside CryptoJS!

Also keep in mind that in order to decrypt that message outside CryptoJS you will need to know the exact amount of rounds used in the key derivate function used to generate the encryption key :3

Good Luck
 

Derp

Developer
Contributor
#5
you can enter keys in your plugin settings. just check out the gif in the documentation.
So you are encrypting messages, and then you are storing the encryption keys in the plugin settings (Handled by discord I suppose)

Interesting... where's the "security" part though? :3
 

tagKnife

Contributing Member
#6
Its really hard to create a secure encryption service over manages software like discord. You need to create an arbitrary key transfer.
I know of 1 method, that would work, very well in fact as the encryption is designed for this exact scenario.
 

Bluscream

Former Team
Contributor
#7
So you are encrypting messages, and then you are storing the encryption keys in the plugin settings (Handled by discord I suppose)
Discord would need to access these settings, which i would see if they try to. They are saved in the
You do not have permission to view link Log in or register now.
of the Electron webbrowser to be exact. ATM they get saved as base64 but i can also change it so the keys get saved AES encrypted too.
 

Derp

Developer
Contributor
#8
Well.. localstorage can be accessed if it gets queried by the same "origin" that registered it! Discord can do it, you can "see them doing it"(Doesn't help much, does it?), how about "preventing them from doing it" ?

Want truely encrypted messages?

1- Mumble
2- Tox
3- Teamspeak (Prone to security vulns, still better than discord)