Private Messages Enhancements - PMCrypt - Private Message Encryption

Keywords: Private, Message, PM, Encrypt, Encode, Security

Description:
Encrypts Private Messages within the MySQL database. Allows for on-the-fly decryption without the need for a shared key.


Details:
This hack will encrypt sent messages within your MySQL database. No longer will they be viewable in plaintext, thus affording your members a little more security with their private correspondance.

Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.

The messages are encrypted using a method developed and credited to AITOR SOLOZABAL MERIN by where text is encrypted/decrypted using a simple but powerful XOR method without a known key. Implicitly, the key is defined by the string itself in a character by character way. There are 4 items to compose the unknown key for the character in the algorithim:

1. The ascii code of every character of the string itself
2. The position in the string of the character to encrypt
3. The length of the string that include the character
4. Any special formula added by the programmer to the algorithm to calculate the key to use

This product does not explicitly rely on any vBulletin functions, thus there should not be any problems with future upgrades, etc.

This product was developed by request of FGENETICS and DOOGIE88.


Installation:
1. Download and import the product-pmcrypt1.1.0.xml file via the Product Manager.

2. Enable the product via the AdminCP (vBulletin Options > Private Message Encryption)

3. ???

4. Profit


Version History:
v1.0.0 - Initial Release
v1.0.1 - Fixed bug when replying to an encrypted message.
v1.1.0 - Fixed issue with reply and preview. Encapsulated encryption within base64_encode(); for storage. Smilies no longer run risk of breaking encryption.

* Once enabled, all PM's sent thereafter will be encrypted. This means that should you choose to disable and/or uninstall the product, said PM's will remain encrypted -- rendering them unreadable.

* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!

[codershark]

Dont works in vbulletin 3.7 RC1 --> after Install all mods and admins cant warning users for a thread

[DssCrazy]

When sending mass pm's to all users the messages are not encry also i also when you have email pms option on it takes longers amount of time to sned to the email it is not instant anymore.

also the message that get encryped you can see in emails when it sends.

[kellyandmark04]

any updates on this as I see this as a big security issue if users update this with there current vbulletin and it is not working and they are using it thinking the PM's are secure

If it is not supported with a format of vbulletin it should be stated

[logicuk]

any updates coming? i would love this for vb 3.7

[ShiZoPhreN]

Hello

Please magnus, make the Plugin for vB 3.7 ready, its a nice Plugin, do not will miss in my vB 3.7

[codershark]

will someone update it to 3.7 ???

[thestaton]

Please update?

[nikki712]

I would love to add this to my forum as well. I'll be keeping an eye out for a 3.7 update!

[ShiZoPhreN]

Hello magnus,

Please update the Hack, in my old forum i use this Plugin, all user PN's are crypted, when i upgrade to 3.7 and its no update for this hack, all my users lost our PN's thats so bad.. :'(

mfg

Shizo

[Hostboard]

Besides the above mentions I would love for a way to make this by user group.