When I was in my second semester of college I was tasked with creating a file encrypt/decrypt program. Take in normal textfiles and spit out a new random text and symbols file. I worked on it for two weeks and read up on all different encryption types and stuff. I was so excited when it was done. After it was done compiling I tried it out on its own source code. Encrypto.c and named the output file Encrypto.c 😰 The next thing I did was google " best version control and how to use it."

My company contracted a 3rd party to do an internal system for us...
We only knew about it when it was almost done and we got the code... Oooooo boy.... What a fucking shit they did and got paid for...

They have a encryptPassword() and decryptPassword() functions...

What they do you may ask?
Well...

Encrypt: for loop that reverse the string and base64 it 5 times...

Decrypt: the opposite...

That's how they store passwords....

Our intern snapped at a company meeting when they where talking about maintaining it 😂😂

If anyone here got WanaCry ransomware on his pc, here is a password "WNcry@2o17" to decrypt your files

It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.

The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.

Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.

At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.

To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.

The decrypt program stayed running for one week until it finds the password we did want: the root.

We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.

Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.

After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.

We just deleted our account with root powers, logged in as student and pretended everything was normal.

End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.

We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.

We really have fun remembering this "adventure". :)

PS: the admin formatted all the servers to fix the mess. They had plenty of servers.

Fuck this, fuck that, fuck the buffer, fuck AES, fuck crypto, fuck node-forge, fuck IV and browsers, once I am done with this fucking cryptographic wrapper on both client and server, the first person to say decrypt and Javascript in the same sentence in front of me will get their own dick in their ass. The guy that said mixing computer and crypto was a bad idea was fucking right

ssh your.server.ip, welcome message:

#Ooops! your files have been encrypted.
#Don't waste your time trying to decrypt them.
#Nobody can.

#We would gladly offer you a way of recovering all
#your files safely, but sadly we lost the decryption
#password.

#Hackers too are not perfect, have a nice day.
#PS. you can still send money to support us if you want at this
#web page: fuckyou.onion.
#Your personal key: m0r0nm0t3fukk3r

(I'll code this one day and install it on somebody machine, it's one of my top dreams)

I was wondering if anybody gets to sniff my wifi and finally finds my pass, so he is able to listen to my encrypted traffic and fully decrypt it (websites without https)!
That is far worse than just using my bandwidth!!
What do you think?
What else the attacker can get?

Does anyone else get intensely frustrated and stressed trying to explain something to someone who repeatedly fails to understand?

"ok so you click decrypt password and then you give it your private key"
"ok I clicked on download rdp file"
"no you want decrypt password"
"and then it will download a file"
"no you need to give it a file"
"which file?"
"THE FUCKING FILE IT SAYS RIGHT THERE STEVE"

Keep in mind this is the fifth time I've walked him through this

Storing DB credentials in a repo that were encrypted using functions... that are in the same repo (both encrypt and decrypt!)...

Can U decode this secrate message?!
(Too easy don't panic!)

ehiiHGdDByDy4wfm8zNyYVCllF0vkKqqBLGXZ/cZyn/7xo2KfD8/qDsMJm3IK3oE

I saw this image on IBM's blog. The author was explaining how blockchain could be used to implement self sovereign identities. But, isn't the last step wrong? In order to decrypt Alice's message, Bob should use his private key instead of Alice's public key, right? Of course, while encryption Alice has to use Bob's public key.

I fucking hate the Internet

day before Yesterday, I was searching for a software on internet(which is not free) I found a site (unofficial) giving me both free full & trial version. so I thought, why not get the full version. I downloaded it, installed it. awesome.

everything was going great until I found out that all of my files in a folder were encrypted by some WankDecrypt. I was lucky the files in that folder were useless. but next day some mysterious links started to pop up into my browser. and today some fucking wank decentralized shit started eating up my ram. FML

Somebody fucking stuck his shit with cracked version of software. so beware devs.

You can't decrypt plaintext.

When you spend 6 hours figuring out how to best encrypt/decrypt your unimportant website cookies just because you don't want people to see how bad you are at naming stuff :x

!(!(!(!(!(!(!(!rant)))))))
My new HTC smartphone hates me.
First it started to shut down all of the sudden yesterday night, when I was solving quadratic equations on my laptop.
I thought that it might be due to low battery. So I have restarted it. After putting itself into a bootloop for 4 start sequences, it was able to fully start to the page where it told me to enter the security pin to decrypt my files. I also had 30 attempts left. Like a ransomware.

I was like "tf I didn't set anything up".
So I decided to use my first attempt as I had 30 attempts left.
I entered the pin (I can swear that it's correct) and it told me that it has to wipe the /data partition.

I did that. I pressed that button. After waiting for 30 minutes I gave up and rebooted into the bootloader.
Bootloader -> Download Mode -> wipe /data (stock rom + stock recovery btw.)

Some error with "e: mount /cache failed[...]e: mount /data failed"
So, I tried using the adb sideload - no success.
Fastbooted into RUU Mode - HTC keeps rebooting itself into the RUU Mode - no success

Tried to flash the firmware and twrp recovery from Download mode - no success
Then I tried to flash all these things from the sd card - no success

Searched for revolutionary (I know this from my old HTC sensation device).
It wasn't big of any help.

Then someone on xda recommended htcDev (htc's <b>developer-friendly</b> lol site)
I followed every step. Everything seemed to be okay.
I got to the last step.
I needed to get my encrypted token by entering "fastboot oem get_identifier_token" to be able to submit it to HTC, and after they would send me an e-Mail with an .bin file that would let me unlock the bootloader to be able to flash my way through all this headache giving fucking piece of dog shit!

But since I can't back to the phone settings to select the bootloader activation box that would let me get my token... but nah.

FML

------------
Sent by using the devRant web app (:\)

Tech idea:

Scrambled/encrypted computer display, viewable through lenses that decrypt/unscramble it for one user only. Useful for public places, where someone might be trying to watch your screen.

Portable from machine to machine through the use of RFID, biometrics, or just a password.

Decrypt api responses in an iOS app which my “senior” dev thinks it is more secure to encrypt responses in stead of setting up a proper SSL cert (they use plain http to save money 🙄)

They disable the encryption since it does not function as we wanted and set up SSL instead🙄

I need to encrypt some large files at rest and then decrypt them immediately prior to processing.

App and files are on a Linux system (CentOS). App is in C. Machine is controlled by a third party.

What encryption libraries would you recommend? And, is there any clever way of managing the decryption key beyond compiling it in the code and doing some basic obfuscation?

Are they fancy obfuscation libraries out there, for example?

And, the reason I'm not going to SO (well, one reason) is that I don't want to have 50 answers that tell me that's it's impossible to 100% protect data on a machine you don't control. This I understand---just looking for "best effort" solution.

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

A small part wants to know what is behind this link ...

If I decrypt the message correctly is says in German: "update of your credit rating. All infos: {link}"

When to log into an encrypted vm that I set up for finances, and realized I had forgotten my password, to decrypt it. Well after a few min I gave up and wrote a short program with all my sees, and rules for altering the seeds and combinations there of.

Got back a few thousand and plugged it into a macro script and went to do chores for my wife. Came back and was in.

To be honest I check on it somewhere in the middle and thought oh crap did I use my dogs name? I didn't but now I am switching to a password manager.

Kind of dev related, during a Firefly one-shot roleplay:

GM: So you have a data chip in your pocket. Do you want to see what's on it?

Me (hesitant): ...Kinda. *wait* Okay, I put the chip into one of my computers.

GM: The data chip shows random gibberish--it's encrypted. Your engineer may know how to decrypt it.

Me: Okay. Hey, Engineer! *holds imaginary data chip out to her* Decrypt this!

Engineer: No. *pause*, *sighs* Fine. But we need to be careful.

GM: Yes, now time for technobabble...

Me: So once we decrypt this, it's probably going to look for the MAC address, so we need an air-gapped machine--a machine that's never been online before--and a TAILS LiveUSB. We'll decrypt the data chip and then destroy the computer.

GM: ...Technobabble.

Fighter: ....I actually understood that and it actually makes sense. Good job. *fist bump*

!rant

Just got a message from a recruiter. It was something different. There was a link with a ZIP file and a bunch of files in it. Plus two MD5 hashes. You should now find the correct private key and the encrypted message to decrypt it with the key. This gave you the password to get further in the application process.
Not particularly difficult, but a refreshing change from the usual blah blah.

Some internet security officers (working for the government on internet privacy related stuff) tells the media that they can decrypt your Facebook credentials in less than 7 seconds.
Everyone let's take a break to laugh at these morons hahaha

So I was hacked, this guys encrypted all my files and asked me to pay BTC to decrypt it. They even changed my wallpaper and gave me put instructions on all my folder directories on how to pay and recover my files

My worst coding mistake

In my last project for the distributed application programming, I was working on encryption for messaging between two users, the mistake was after decrypting the message you should trim it, and I was trimming before which made the message corrupt, this mistake costed me 2 weeks of delay since I couldn't find the problem, the code was like this
Message=decrypt(message.trim());
Where it was supposed to be
Message=decrypt(message).trim();

void encrypt(...) {
[...]
output.Write(iv);
output.Write(salt);
[...]
}

void decrypt(...) {
[...]
input.Read(salt);
input.Read(iv);
[...]
}

Took me 2 hours to figure out why it kept giving me decryption errors :/

I am trying to "invent" secure client-side authentication where all data are stored in browser encrypted and only accessible with the correct password. My question is, what is your opinion about my idea. If you think it is not secure or there is possible backdoor, let me know.

// INPUT:
- test string (hidden, random, random length)
- password
- password again
// THEN:
- hash test string with sha-512
- encrypt test string with password
- save hash of test string
// AUTH:
- decrypt test string
- hash decrypted string with sha-512
- compare hashes
- create password hash sha-512 (and delete password from memory, so you cannot get it somehow - possible hole here because hash is reversible with brute force)

// DATA PROCESSING
- encrypt/decrypt with password hash as secret (AES-256)

Thanks!

EDIT: Maybe some salt for test string would be nice

I want to use the DevRant community for a Unit test.

Inspired by Memento, I will make a tattoo ... but ... I want it encrypted. I know nothing about encryption.

I want to make some encrypted messages and I want you guys to decrypt them.

If I'm gonna put something on my wrist for life, it should be secure

I fucking hate people who uses complex words to describe something simple.

Describing a frame work

Show-off : "..you can define what objects/tables to expose, what values in that object you want to expose...if you are using some orm, then because you have models defined. Once you update your model, your endpoints get the new model..."
Simpleton : "something like parse..."

Wtf is 'fixedUUID'?

Show-off: "..hardcoded UUID is fixed (constant) value, with format of UUID, hardcoded UUID will be unique value between backend and frontend,
you will need to store it as constant value in your codebase ( we may encrypt/ decrypt it for security reasons)..."
Simpleton : "a secret password only u & I know"

--why whyyyyyyyyyy

Hey everyone decrypt this
;÷/ :\/$ /[\ !*! *% )[) :[[! #[= /[\

My N3DS is currently on its way to its grave. I've had malloc issues since I got it, but recently buttons have begun to fail and it's begun to randomly hardlock, when it happens it's so badly locked up that even NMIs fail to get through.

Luckily, it's hacked, so I can decrypt and export everything now before it's totally toast.

Still feels bad, though... it's been the home of 2 DSi's worth of data for a while now as well as new stuff. It's got some emotional weight to it.

Thinking back, it’s pretty terrible how long it took to create my first real development project.

When I was the ages of 13-18 I built websites on and off but I would never consider them good enough. I would literally design a bunch of images and then, using just HTML, put all the images together like a puzzle using exact pixel locations. Might be fine and dandy now but back then it would look great on my monitor but on others it would be an absolute mess.

Anyways, after that I got in college and started learning C++ and did assignments but I don’t count those as my own either. Not until I was 29 (my current age) did I finally develop a program assigned by my internship. Prior to that I always just re-learned C++ over and over again off and on because I had no clue where to go after that.

Apologies for the long intro. So the first development project that I feel is legit at my internship I had to use my companies API to track the amount of time it took for them to encrypt a packet and then decrypt it as well as grabbing the packet and seeing how long the hash was, the letters used in which position and so on. Essentially grab a whole bunch of statistics from their software and then output it to an excel document. It had a menu, and I had to make it work on Windows, Ubuntu, Raspbian, and some other systems on different devices.

I was actually really proud of what I ended up with and they use it to test their new versions and compare and so forth.

So, in my second semester of CS I had a class about OS and the way they work. The professor made us do presentations every two weeks (we were basically giving the class...).

For full points we had to have the presentation, an example (video or pictures), and an activity.

My team was one of the last presentations of the first round (iirc there were 5 rounds). I was in charge of the activity, so I decided to create a program to make it fun (and leaned a new language in the way). Thanks to this the professor gave us extra credit because we were the first team that ever did that.

My classmates decided that it was a good idea to follow my idea and a couple of teams started to code their activities too. At the end of the semester almost every team had a program as their activity...
But the professor didn't gave them extra credit because it wasn't a novelty anymore. :D

In another round, my team got as a topic encryption. By the time I was already a Linux user and I knew a thing or two about encryption, so I decided to do the example in real time showing how to encrypt and decrypt using command line. Once again we received extra credit because of it. :D

At the end of the semester the professor offered me a job as a developer, but I couldn't take it since I moved out of the country the next month :(

That moment when you install a new GPG public key at a client's request...

Then they complain that they can't decrypt files generated three days ago with the key they provided us today.

Well Now I can decrypt Evil corps data !
FYI - if you mail to Elliot Alderson, you might be lucky 😉

Looking for a way to generate an encrypted string (with salt) in C++ then send that string over to a java server and decrypt it on java as well. Any suggestions?

Spent days to setup a newer-Android version with reverse-proxy-HTTPS certificate in its CA store + one that'd support Google Play and signing in (old school man-in-the-middle).
FINALLY got the API calls of this 1 app whose unofficial client I wanted to make coz their main sucks ass. Just to get stuck on the phone-number-based OTP that they use for their login (:

They send a unique token for each OTP request, I assumed they're using some hard-coded string based function, which they decrypt on their backend to verify.
Downloaded their APK and decompiled. Went through dozens of weird-ass-named classes (coz decompiled). For the 2nd time I thought I had it!

But no -.- they call Google's Firebase messaging for the phone-num OTP n that function simply called firebase, looked into that service n ofc it's very tightly coupled with the calling API's backend

It was fun while it lasted I guess~~~

What are the thoughts of privacy conscious people about quantum computers? As far as I understand current TLS version encryption method is vulnerable to quantum computers, thus if your ISP or other agencies store all your traffic data right now, they'll be able to decrypt it after gaining access to quantum computers.

One way to secure your privacy would be to use your own VPN that uses encryption method that is quantum-resistant, but again the VPN would be using TLS to connect to the Internet.

Why you should use sketchware and not use it at the same time regarding: encryption
sketchware the app is known to build apps by dragging elements to the screen then coding them with blocks or even write your code with the built in ide but there is one thing every developer fears. ah yes. the reverse engineers (or modders)
random guy [rates: X]: sketchware encryption is trash! are you serious?! string fog?! class rename?! i decrypted this whole app with the software i made >:D

sketchware dev wrote back to random guy: string fog isn't working because you decrypted sir! there is nothing we can do sir but email to our email and we will get back to you in a few and fix the problem

i have to say this is why i stick to android studio too many skids decrypt the C++ files or the mod menu just to edit stuff :) i also build some games im learning android studio game development but at the time lets have fun and mod other peoples games

I'm tired. I don't want to do these tests anymore. These vague test scenarios I have to decrypt on my own lest asking business shows signs of weakness. I'm slow to test and going way beyond the hours the client estimated and you folks just accepted. How can I finish this when I get pulled to meetings which I am not the decision maker but I'm supposed to be the technical one to help them decide. In between this testing I get emails to help check on issues I'm not even a part of. Production issues I can understand because those have a feel of critical and priority but if you pull me to that I lose time testing. I'm trying. But I'm truly very slow at this. I'm a slow tester for this set of test cases. I'm hating myself every minute as the hours inch to the deadline which is today. I want to sleep but I want to finish as well. Shitty days of drone work that could have been given to somebody else but I can't say no to because you guys accepted. Someone from management just see please, don't give this to me. But you can't see. You probably don't even understand. They asked, you caved because you can't see the list of tasks and level of detail that comes with each thing they ask. This testing is a ridiculous use of my time but I can't say that to the client. You could have. I want to. I truly want to say "Fuck these tests". I tried to push back. But the client of course reasoned back and it was understandable to ask. To do what's good and what's best. How can I say no to that?! I'm almost depleted. I'll just finish this somehow.

Okay I'm probably going to get flak for this but...

WhatsApp chats are apparently e2e secure. Except when you back them up, right? Why not, when you create a backup (iCloud, google drive, whatever), have the app generate a password protected key pair and use that to encrypt/decrypt the backup?

When restoring the backup, use the password you set for the key et voila! While at rest, that backup is still encrypted.

Or have I missed something completely?

When writing regexes why the fuck would you not use \w instead of writing [a-zA-Z0-9] or \d instead of [0-9] or the dozen other metacharacters? Makes it so fucking hard to decrypt long regexes.

So I apparently forgot to encrypt some parameters when sending error reports from our app to the server.
Which means the server tried to decrypt them but couldn´t and just threw an error...

No error logs for the app this week I guess. Yay!

I need "git reset --hard head~1" for my brain this weekend, to get rid of this week...

How do y'all approach media-endpoints?
Specially publicly accessible user-uploaded media

Rn I encrypt the path to the media-
/file and expose it, decrypt on the server (returning a relative file-path) which then fetches the file via File.Read and returns it as-is

I put a cache header and works fine

But something in the back of my mind makes me feel it isnt right

Like, normal endpoints and file-read endpoints shouldnt be in the same backend, potentially affecting each other

But since it's just a fun pet project so Im not paying for a 2nd baremetal server as a CDN/media server -.-

Worst case scenario I use it as-is, but would appreciate hearing other approaches

I am so done for today. I was trying to get this encryption work in Rust, but no fucking way. If I encrypt data in PHP, it is just impossible to decrypt them in Rust. If I encrypt something in Rust, I can decrypt it anywhere, but not the other way around.
I checked the data hundred times and they are exactly the same in both programs. Also OpenSSL library in Rust is so helpful, that it won't show any error details except that there is an error.
Fuck my life!

all this talk of australian crypto laws got me thinking. here's a hypothetical (this might get a little complicated):

for the sake of the security facade, the government decides to not ban encryption outright. BUT they decide that all crypto will use the same key. therefore you can not directly read encrypted things, but it's not really encrypted anymore is it?

part two: there's a concept called chicken sexing, named after people who determine the sex of baby chicks. male chicks are pretty useless and expensive to keep alive, so they are eaten. female chicks go on to lay eggs, so ideally, from a financial standpoint, you only raise hens to maturity. this is nearly impossible to discern early on so at first you're just straight up guessing. is this one female? sure? that one? no? really 50/50. BUT if you have a skilled chicken sexer looking over your shoulder, saying right or wrong, then eventually you get better. why? nobody knows. they can't explain it. nobody can. you just sort of "know" when it's female or not. some people can do 1000s of chicks/hr with success up to 98% but nobody can explain how to tell them apart.

part three. final part:

after years, even decades of using this encryption with only one key, I wonder if people (even if only people who are regularly exposed to crypto like NSA analysts or cryptographers) can ever learn to understand it. in the same way as above. you don't know exactly what it says. or how you know it. you didn't run an algorithm in your head or decrypt it. but somehow you get the gist.

28464e294af01d1845bcd21 roughly translates to "just bought a PS5! WOOT!" or even just pick out details. PS5. excited. bought.

but how do you know that? idk. just do.

oh what a creepy future it has become.

Halp meh, plz... I have run across a problem and I have absolutely no idea how to go about solving it...

So basically I need to decrypt a TDES encrypted Azure service bus message. Can be done in a straightforward manner in .NET Framework solution with just your regular old System.Security.Cryptography namespace methods. As per MSDN docs you'd expect it to work in a .NET Core solution as well... No, no it doesn't. Getting an exception "Padding is invalid and cannot be removed". Narrowed the cause down to just something weird and undocumented happening due to Framework <> Core....

And before someone says 'just use .NET Framework then', let me clarify that it's not a possibility. While in production it could be viable, I'm not developing on a Windows machine...

How do I go about solving this issue? Any tips and pointers?

Oh come the fuck on.

I’m trying to build a SwiftUI app and I can’t decrypt a video while it’s buffering using DisptchQueue? Wtf do you mean “UI must live on the main queue?” I AM running it on the main queue and it fucking crashes!!!

Please, if anybody knows how to use DispatchQueues correctly in Swift, HIT ME UP! I NEED SERIOUS HELP IN THIS BITCH

Great practice/skill sharpening idea for my fellow mad dogs that like to get down in multiple languages/syntaxes:

Pick something simple that won't cause too much stress, but will make you sweat a little bit and put up a good fight, ha!!!

For example, I picked the classic "Caesars Cipher" and picked 5 languages to create it in! I picked Dart, Java, Python, CPP, and C. Each version does the same thing:
1. Asks for a message
2. Runs the logic
3. Prints the message cipher.
4. To decrypt, you just run the same program again and enter the cipher text at the message input prompt. The message gets deciphered using the same logic an shows up as the original text.

The kicker:
Only dox/books allowed for reference. Otherwise it wouldn't push you to get better!!!

Python, C, and CPP were EASY, even with me never having used C before. I am great at using Dart, and that one really challenged me for some reason, but I finally got it. The previous 3 langs took less than 40 lines of code each (with Python being only 18 I believe). Dart actually took somewhere around 50, and Java took about 371784784. (Much love to Java though for real!)

Kinda boring as shit, but I gotta tell you it felt fuckin GREAT to look at all 5 of those programs after completing them, no matter how barbaric... especially when you complete 1 or 2 in a language you've never used or maybe felt really challenged by. Simple exercises that hold a lot of important, relatable logic no matter the subject is our lifeblood!!!

Have been searching on this topic alot lately, but I cant find any good solution, in my opinion.

I have a system where I want to encrypt some data in the database, so it isn't in plain text, but how would you do it properly?
It has to be decrypted to view the data in the system, but how to manage it?

How can I store the keys in the right way? In my current trial, I have a encryption key and an iv, but wouldn't it be wrong to store the encryption key in the config file?

Can't really see how to grasp this the right way and in the same way have it as secure as possible.
Is it just stupid in general?

When looking into hiring a cryptocurrency recovery service, be mindful of their success rate and pricing structure. Reputable services should have a proven record of recovering assets successfully while adhering to ethical practices;

Saclux Comptech Specialst specialize in helping individuals who have lost access to their cryptocurrencies. Utilizing various tools and techniques, they use them to track down missing coins and decrypt encrypted wallets; they even help victims cope emotionally when their digital wealth has been stolen

Recovery specialists with proven success combine cryptography and digital forensics expertise with strong community ties and an awareness of emerging threats to help their clients track down lost coins or decrypt encrypted wallets. Their dedication and compassion towards clients allow them to recognize the human stories behind losses suffered during recovery operations.

Be wary of fraudulent companies posing as cryptocurrency recovery services; therefore, it is vital that you find a genuine service with an excellent track record, offering genuine services at reasonable costs.

How to decrypt an encrypted file...
And requirements for it

Anybody knws...🤔🤔