I just stumbled by accident over my saved credentials for the PDX Launcher, and while the PW is encrypted I did not fail to notice that the encrypted string has several identical signs at the end, being of equal length on all my PDX games.
My conclusion is that you could backtrack to the actual length of the PW by having the string (not the actual PW).
While not a major security issue, I think that the string should be filled up with random bytes instead of the same one if the PW is too short to use the whole encryption key length.
Code:
user="Name::mailprovider.domain"
password="ENCRYPTEDPASSWORDBUTTHEEND======"
The above is an example of how my PW file looks - of course it doesn't say "ENCRYPTEDPASSWORDBUTTHEEND" but some random letters plus the trailing "=".
Those trailing "="s are all the same count no matter what game I look my PW up for, while the actual password is encrypted differently every time.
If my conclusion is wrong and the trailing "="s are there by default no matter what the PW is, then I apologize for bringing it up.
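What a run of trailing "=" and the overall string length can reveal, as an added example that is not part of the original post and is not the launcher's code. Base64 text never ends in more than two "=", while Base32 can end in up to six, so the sketch assumes Base32 text over a 16-byte block cipher with PKCS#7-style padding; the launcher's real scheme is not stated in the post, and `raw_length`, `stored_form` and `leak_table` are hypothetical helpers.

```python
import base64
import os

# RFC 4648: number of trailing "=" -> raw bytes carried by the final group.
B32_TAIL = {0: 5, 1: 4, 3: 3, 4: 2, 6: 1}
B64_TAIL = {0: 3, 1: 2, 2: 1}


def raw_length(encoded: str) -> dict:
    """Byte length implied by a padded Base32/Base64 string, without decoding."""
    pads = len(encoded) - len(encoded.rstrip("="))
    out = {}
    if len(encoded) % 8 == 0 and pads in B32_TAIL:
        out["base32"] = len(encoded) // 8 * 5 - (5 - B32_TAIL[pads])
    if len(encoded) % 4 == 0 and pads in B64_TAIL:
        out["base64"] = len(encoded) // 4 * 3 - (3 - B64_TAIL[pads])
    return out


def stored_form(password_len: int, block: int = 16) -> str:
    """Constructed stand-in for a stored value.

    Assumption: a block cipher with PKCS#7-style padding, so the ciphertext
    is the next multiple of `block` above the password length. Random bytes
    stand in for the ciphertext; only its length matters here.
    """
    ct_len = (password_len // block + 1) * block
    return base64.b32encode(os.urandom(ct_len)).decode("ascii")


def leak_table(max_len: int = 40) -> dict:
    """Map each observed (string length, '=' count) to the password lengths behind it."""
    table = {}
    for n in range(1, max_len + 1):
        s = stored_form(n)
        key = (len(s), len(s) - len(s.rstrip("=")))
        table.setdefault(key, []).append(n)
    return table


if __name__ == "__main__":
    for (length, pads), pw_lens in leak_table().items():
        print(f"{length} chars, {pads} '=': password lengths {pw_lens[0]}..{pw_lens[-1]}")
```

Under these assumptions every password of 1 to 15 characters yields the same 32-character string with six "=", so the "=" count tracks the ciphertext size in bytes rather than the exact password length.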