Notify users that calls are being made to external services

Question

Notify users that calls are being made to external services

alopresto opened this issue 7 years ago · 1 comments

The assumption with a local tool is that it will perform the decoding locally. If a user is decoding sensitive information, they may not want it being sent to remote services which can log this data, and especially not over plaintext HTTP.

Ideally, the brute-forcing would be performed locally using a word-list, but if it must be performed remotely,

use HTTPS for all network communications
inform users prevalently in the documentation that their data will be sent to a remote service
provide a warning on the command line before sending and require confirmation (can be bypassed with a command-line arg indicating awareness for scripting)

These URLs are accessed by the tool for the following hash schemes:

SHA-256 -- "http://md5decrypt.net/Api/api.php?hash="+hashvalue+"&hash_type=sha256&email=deanna_abshire@proxymail.eu&code=1152464b80a61728"
SHA-1 -- "http://hashcrack.com/index.php"
MD5 -- "http://www.nitrxgen.net/md5db/" + string

Answer 1 · 2018-04-06T20:30:27.000Z

Thanks for your suggestion.
A new option -s has been introduced. If you are dealing with sensitive data, you can use this option to prevent Decodify from connecting to third party services.
For example,

dcode -s <some sensitive string>