Description:
Encrypts Private Messages within the MySQL database. Allows for on-the-fly decryption without the need for a shared key.
Details:
This hack will encrypt sent messages within your MySQL database. No longer will they be viewable in plaintext, thus affording your members a little more security with their private correspondance.
Please be aware that this is not a total security solution. This was devised with simplicity as well as security in mind -- such as that the encryption method used is NOT to be assumed "unbreakable" by any stretch of the imagination.
The messages are encrypted using a method developed and credited to AITOR SOLOZABAL MERIN by where text is encrypted/decrypted using a simple but powerful XOR method without a known key. Implicitly, the key is defined by the string itself in a character by character way. There are 4 items to compose the unknown key for the character in the algorithim:
The ascii code of every character of the string itself
The position in the string of the character to encrypt
The length of the string that include the character
Any special formula added by the programmer to the algorithm to calculate the key to use
This product does not explicitly rely on any vBulletin functions, thus there should not be any problems with future upgrades, etc.
Installation:
1. Download and import the product-pmcrypt1.1.0.xml file via the Product Manager.
2. Enable the product via the AdminCP (vBulletin Options > Private Message Encryption)
3. ???
4. Profit
Version History:
v1.0.0 - Initial Release
v1.0.1 - Fixed bug when replying to an encrypted message.
v1.1.0 - Fixed issue with reply and preview. Encapsulated encryption within base64_encode(); for storage. Smilies no longer run risk of breaking encryption.
* Once enabled, all PM's sent thereafter will be encrypted. This means that should you choose to disable and/or uninstall the product, said PM's will remain encrypted -- rendering them unreadable.
* Please note that this modification was developed on a forum with a userbase of 1 (myself). I've tested it for basic functionality but I cannot guarantee functionality or behavior on your forum. So, please -- make backups before installing this product!
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Do private messages even need an encryption? As far as i know, it is not possible to "steal" or even intercept private messages. Anyway, good idea as far as peace of mind goes.
From what I can tell, those who requested this hack were more concerned with assuring the members that the Admins themselves weren't reading their PMs.
If it is possible and not a big task, I would like to suggest the following:
- A user cp option (checkbox) permitting the member to enable/disable this function;
- A message level option (checkbox) permitting the member to elect this option on a message by message basis;
- Admin level options enabling or disabling each of the above;
Why? As pointed out, there is a degree of risk in using the encryption mod, i.e. if the mod is for whatever reason disabled, removed, broken, whatever - encrypted PMs are effectively lost. Therefore, I would like to put the burden of responsibility for using encryption at the member level. Inform them of the trade-offs and that they use at their option and own risk.
Thanks for the work you have done on this. Installed.
I would install this but it conflicts with my "read pms" hack...
Uh, that's kind of the point. The whole point of encrypting private messages is to provide some form of assurance to your users that neither you (nor anyone else) is easily reading them.
PMCrypt - Private Message Encryption Details »»
About Developer
DB Changes 
Is in Beta Stage 
02-23-2007, 11:08 PM
Thank you for taking the time to make it and sharing it with us. In this day and age it should be a default vb feature.
