I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Everyone is using encryption, in one form or another. I have seen many, many legit applications with encryption for simple messages, just to hide it from prying eyes. Encryption is used everywhere. To hide configuration settings, to hide database contents, to hide proprietary project formats. Most deployed JavaScript source codes on the web are either obfuscated (with some sort of encryption for strings and variables) or minified.
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Most deployed Javascript is minified, not obfuscated.
Encryption is used mostly to secure communication between two parties or to restrict who can play your media (like DRM). I can't think of any use case for it in things like hiding configuration settings or database contents. The fact is, if your client-side code has to decrypt something, then the decrypted version exists on the client's computer, rendering the encryption moot.
Well Ben you didn't understand the purpose of this extension, it's not meant to replace traditional encryption algorithms like AES but to provide quick help for regular developers to hide simple things from curious users who might want to sniff around your source codes.
Encryption is used everywhere Ben. I did native, web, mobile development and everyone is using some forms of encryption. Communication channels encryption, messages encryption, database encryption (in automotive software for example), executables encryption to prevent cracking of software, configuration files encryption to prevent someone from tampering with the settings (a lot of games is doing that, also for static configurations), secret endpoints encryption, database connection strings encryption in desktop apps, static project files encryption to prevent patching it or easily stealing its content. Plenty of encryption everywhere.
Every decryption code gets executed at some point, no matter if you use AES, external DLL libraries in native apps or my solution.
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Encrypting endpoints sounds like a bad idea to me. It's security through obfuscation, which is defeated by either sniffing the network traffic or running a debugger. If someone's prepared to look through your code to find an API endpoint, they're not going to be put off by that sort of thing, and hiding API endpoints sounds like a recipe for disaster - at the very least it implies that your API is insecure.
"obfuscare js strings" is a weird one. Malware does that, but I can't think of any legitimate reason a programmer would want to do it. Is this mainly a tool pitched at malware authors?
I have listed a good number of legitimate uses, why you didn't comment on those at all? You don't think there is a legitimate case for encrypting files or messages within your source codes? This tool is mainly dedicated to regular software developers who might need a simple encryption to hide stuff from prying eyes. If you think there is no point in doing that - you have the right to your own opinion.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Can you think of any examples of where someone would want to do this in the real world?
Malware authors do this all the time. Quite frustrating
Everyone is using encryption, in one form or another. I have seen many, many legit applications with encryption for simple messages, just to hide it from prying eyes. Encryption is used everywhere. To hide configuration settings, to hide database contents, to hide proprietary project formats. Most deployed JavaScript source codes on the web are either obfuscated (with some sort of encryption for strings and variables) or minified.
Most deployed Javascript is minified, not obfuscated.
Encryption is used mostly to secure communication between two parties or to restrict who can play your media (like DRM). I can't think of any use case for it in things like hiding configuration settings or database contents. The fact is, if your client-side code has to decrypt something, then the decrypted version exists on the client's computer, rendering the encryption moot.
Well Ben you didn't understand the purpose of this extension, it's not meant to replace traditional encryption algorithms like AES but to provide quick help for regular developers to hide simple things from curious users who might want to sniff around your source codes.
Encryption is used everywhere Ben. I did native, web, mobile development and everyone is using some forms of encryption. Communication channels encryption, messages encryption, database encryption (in automotive software for example), executables encryption to prevent cracking of software, configuration files encryption to prevent someone from tampering with the settings (a lot of games is doing that, also for static configurations), secret endpoints encryption, database connection strings encryption in desktop apps, static project files encryption to prevent patching it or easily stealing its content. Plenty of encryption everywhere.
Every decryption code gets executed at some point, no matter if you use AES, external DLL libraries in native apps or my solution.
Most common usage is to hide messages you don't want people to find with a simple text editor or a hex-editor, but you can do more:
xor
encryption (you will have to write an encryptor yourself anyway)exe
format afterwardThis engine is incorporated into a few source code obfuscators too to hide the strings and make it hard for automated tools to deobfuscate it.
Encrypting endpoints sounds like a bad idea to me. It's security through obfuscation, which is defeated by either sniffing the network traffic or running a debugger. If someone's prepared to look through your code to find an API endpoint, they're not going to be put off by that sort of thing, and hiding API endpoints sounds like a recipe for disaster - at the very least it implies that your API is insecure.
"obfuscare js strings" is a weird one. Malware does that, but I can't think of any legitimate reason a programmer would want to do it. Is this mainly a tool pitched at malware authors?
I have listed a good number of legitimate uses, why you didn't comment on those at all? You don't think there is a legitimate case for encrypting files or messages within your source codes? This tool is mainly dedicated to regular software developers who might need a simple encryption to hide stuff from prying eyes. If you think there is no point in doing that - you have the right to your own opinion.