Well basically, The Brain's answer summed it all.
Thank-you all who helped in this problem.
I am grateful :)
Printable View
Well basically, The Brain's answer summed it all.
Thank-you all who helped in this problem.
I am grateful :)
I would like to take this opportunity to correct myself.. at first glance while sifting through the hex, I did not see the private key right away.. but I was thinking about this... I recently learned that a null terminated character array should appear as a contiguous block of ascii whilst viewed under the hex editor.. so I decided to take a second look.. and I actually did find the private key.Quote:
I have actually opened the .exe with a hex editor and there is no evidence of the password or private key.
But man.. unless you really know what you are looking for.. there is nothing that readily jumps out at you that says, "Hey look over here.. I'm a private key..!!" It basically blends in with the surrounding random ascii text. Using a decompiler might make the encryption scheme more visible though.
I was also thinking.. just for fun.. you should make a password using my program.. and send it to all your programmer buddies... and ask them if they can decrypt your password.. and see how many of them can do it. You don't even have to be tricky about it, just make a simple weak password.. tell your friend that you applied a simple encryption scheme... (you can even tell them you XOR'd your password if they can't figure it out right away) and see how many of them can come up with your password. The answer may suprise you. :cool:
This is why you don't encrypt passwords in such a way that they can be decrypted. As Kybo_Ren mentioned, store a hash of the password (somewhere), and compare with the hash. Of course, you have to have somewhere secure to store the valid password hash(es), but that is a detail that you wouldn't need to deal with right away (i.e. store it in the executable or a simple file, etc until your program is up and running).
Some cryptographic hashes I can think of off the top of my head:
- MD5
- RIPE-MD
- Tiger
Google will gladly furnish you with the algorithms (and even C source code) for these.
Cheers
*edit* I was replying to Junior's post.