[BetterDiscord] Encrypted Text

Discussion in 'Plugins' started by Bluscream, Apr 26, 2016.

  1. Bluscream

    Bluscream Contributing Member

    Name: Encrypted Text
    Description: Allows you to send encrypted text messages.
    Author: EhsanKia, Bluscream, confuseh
    Download: http://betterdiscord.net/ghdl?url=h...-Themes/indev/plugins/EncryptedText.plugin.js
    Source: https://github.com/Bluscream/Better...lob/indev/src/plugins/EncryptedText.plugin.js
    Documentation: https://github.com/Bluscream/Better...ob/master/src/plugins/EncryptedText.plugin.md
    Installation:
    1. If you don't already have it, download and install Discord.
    2. If you don't already have it, download and install BetterDiscord.
    3. Save the EncryptedText.plugin.js under "%appdata%\BetterDiscord\plugins\EncryptedText.plugin.js".

    You need to register to view spoilers!
     
  2. Derp

    Derp Contributor

    1- Base64 is not a HASH Algorithm, It's an encoding one
    2- How is the encryption the key being transmitted to the recipient?
    3- You're using a managed AES Implementation library! Which by default uses AES CBC Mode... Keep that in mind, you'll need it in case you decide to decrypt that message outside CryptoJS!

    Also keep in mind that in order to decrypt that message outside CryptoJS you will need to know the exact amount of rounds used in the key derivate function used to generate the encryption key :3

    Good Luck
     
    rofl cake likes this.
  3. DedSec

    DedSec New Member

    how do you get better discord to generate different keys? all i see right now is the default key which is the same?
     
  4. Bluscream

    Bluscream Contributing Member

    you can enter keys in your plugin settings. just check out the gif in the documentation.
     
  5. Derp

    Derp Contributor

    So you are encrypting messages, and then you are storing the encryption keys in the plugin settings (Handled by discord I suppose)

    Interesting... where's the "security" part though? :3
     
  6. tagKnife

    tagKnife Contributing Member

    Its really hard to create a secure encryption service over manages software like discord. You need to create an arbitrary key transfer.
    I know of 1 method, that would work, very well in fact as the encryption is designed for this exact scenario.
     
    Derp likes this.
  7. Bluscream

    Bluscream Contributing Member

    Discord would need to access these settings, which i would see if they try to. They are saved in the local storage of the Electron webbrowser to be exact. ATM they get saved as base64 but i can also change it so the keys get saved AES encrypted too.
     
  8. Derp

    Derp Contributor

    Well.. localstorage can be accessed if it gets queried by the same "origin" that registered it! Discord can do it, you can "see them doing it"(Doesn't help much, does it?), how about "preventing them from doing it" ?

    Want truely encrypted messages?

    1- Mumble
    2- Tox
    3- Teamspeak (Prone to security vulns, still better than discord)
     
  9. konridi

    konridi New Member

Share This Page