Thread: Password Scheme.

  1. #16
    Registered User
    Join Date
    Mar 2004
    Posts
    5
    Well basically, The Brain's answer summed it all.
    Thank-you all who helped in this problem.
    I am grateful

  2. #17
    VA National Guard The Brain's Avatar
    Join Date
    May 2004
    Location
    Manassas, VA USA
    Posts
    903
    I have actually opened the .exe with a hex editor and there is no evidence of the password or private key.
    I would like to take this opportunity to correct myself.. at first glance while sifting through the hex, I did not see the private key right away.. but I was thinking about this... I recently learned that a null terminated character array should appear as a contiguous block of ascii whilst viewed under the hex editor.. so I decided to take a second look.. and I actually did find the private key.

    But man.. unless you really know what you are looking for.. there is nothing that readily jumps out at you that says, "Hey look over here.. I'm a private key..!!" It basically blends in with the surrounding random ascii text. Using a decompiler might make the encryption scheme more visible though.

    I was also thinking.. just for fun.. you should make a password using my program.. and send it to all your programmer buddies... and ask them if they can decrypt your password.. and see how many of them can do it. You don't even have to be tricky about it, just make a simple weak password.. tell your friend that you applied a simple encryption scheme... (you can even tell them you XOR'd your password if they can't figure it out right away) and see how many of them can come up with your password. The answer may suprise you.
    Last edited by The Brain; 01-04-2005 at 08:08 AM.
    • "Problem Solving C++, The Object of Programming" -Walter Savitch
    • "Data Structures and Other Objects using C++" -Walter Savitch
    • "Assembly Language for Intel-Based Computers" -Kip Irvine
    • "Programming Windows, 5th edition" -Charles Petzold
    • "Visual C++ MFC Programming by Example" -John E. Swanke
    • "Network Programming Windows" -Jones/Ohlund
    • "Sams Teach Yourself Game Programming in 24 Hours" -Michael Morrison
    • "Mathmatics for 3D Game Programming & Computer Graphics" -Eric Lengyel

  3. #18
    Toaster Zach L.'s Avatar
    Join Date
    Aug 2001
    Posts
    2,686
    This is why you don't encrypt passwords in such a way that they can be decrypted. As Kybo_Ren mentioned, store a hash of the password (somewhere), and compare with the hash. Of course, you have to have somewhere secure to store the valid password hash(es), but that is a detail that you wouldn't need to deal with right away (i.e. store it in the executable or a simple file, etc until your program is up and running).

    Some cryptographic hashes I can think of off the top of my head:
    - MD5
    - RIPE-MD
    - Tiger
    Google will gladly furnish you with the algorithms (and even C source code) for these.

    Cheers

    *edit* I was replying to Junior's post.
    The word rap as it applies to music is the result of a peculiar phonological rule which has stripped the word of its initial voiceless velar stop.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Problem reading a password from a file.
    By medeshago in forum C Programming
    Replies: 15
    Last Post: 12-21-2008, 07:20 AM
  2. [Q]Hide Password
    By Yuri in forum C++ Programming
    Replies: 14
    Last Post: 03-02-2006, 03:42 AM
  3. written command line password generator
    By lepricaun in forum C Programming
    Replies: 15
    Last Post: 08-17-2004, 08:42 PM
  4. Password prompt in unix w/o \b
    By rafe in forum C++ Programming
    Replies: 1
    Last Post: 10-09-2002, 08:54 AM
  5. password
    By hammers6 in forum C Programming
    Replies: 1
    Last Post: 10-10-2001, 12:14 AM