[BetterDiscord] Encrypted Text

Bluscream · Apr 26, 2016

Name: Encrypted Text
Description: Allows you to send encrypted text messages.
Author: EhsanKia, Bluscream, confuseh
Download: http://betterdiscord.net/ghdl?url=h...-Themes/indev/plugins/EncryptedText.plugin.js
Source: https://github.com/Bluscream/Better...lob/indev/src/plugins/EncryptedText.plugin.js
Documentation: https://github.com/Bluscream/Better...ob/master/src/plugins/EncryptedText.plugin.md
Installation:

If you don't already have it, download and install Discord.
If you don't already have it, download and install BetterDiscord.
Save the EncryptedText.plugin.js under "%appdata%\BetterDiscord\plugins\EncryptedText.plugin.js".

Derp · Apr 26, 2016

1- Base64 is not a HASH Algorithm, It's an encoding one
2- How is the encryption the key being transmitted to the recipient?
3- You're using a managed AES Implementation library! Which by default uses AES CBC Mode... Keep that in mind, you'll need it in case you decide to decrypt that message outside CryptoJS!

Also keep in mind that in order to decrypt that message outside CryptoJS you will need to know the exact amount of rounds used in the key derivate function used to generate the encryption key :3

Good Luck

DedSec · Apr 28, 2016

how do you get better discord to generate different keys? all i see right now is the default key which is the same?

Bluscream · Apr 30, 2016

you can enter keys in your plugin settings. just check out the gif in the documentation.

Derp · Apr 30, 2016

Bluscream said:
you can enter keys in your plugin settings. just check out the gif in the documentation.

So you are encrypting messages, and then you are storing the encryption keys in the plugin settings (Handled by discord I suppose)

Interesting... where's the "security" part though? :3

tagKnife · May 3, 2016

Its really hard to create a secure encryption service over manages software like discord. You need to create an arbitrary key transfer.
I know of 1 method, that would work, very well in fact as the encryption is designed for this exact scenario.

Bluscream · May 3, 2016

Derp said:
So you are encrypting messages, and then you are storing the encryption keys in the plugin settings (Handled by discord I suppose)

Discord would need to access these settings, which i would see if they try to. They are saved in the local storage of the Electron webbrowser to be exact. ATM they get saved as base64 but i can also change it so the keys get saved AES encrypted too.

Derp · May 3, 2016

Well.. localstorage can be accessed if it gets queried by the same "origin" that registered it! Discord can do it, you can "see them doing it"(Doesn't help much, does it?), how about "preventing them from doing it" ?

Want truely encrypted messages?

1- Mumble
2- Tox
3- Teamspeak (Prone to security vulns, still better than discord)

konridi · May 23, 2016

i can encrypt the messages but the plugin doesnt decrypt them.
http://prntscr.com/b7jhwe

[BetterDiscord] Encrypted Text

Bluscream

Derp

DedSec

Member

Bluscream

Derp

tagKnife

Well-Known Member

Bluscream

Derp

konridi

Member