Thread: Encrypting passwords

  1. #1
    Registered User
    Join Date
    Oct 2006
    Posts
    118

    Question Encrypting passwords

    Hey,

    For a program that I'm creating, it is necessary for the user of the program to create a profile, which includes a username and a password. Thing is, the password is being stored in a flat file, so obviously that brings up some security questions.

    My question to everybody is this: is there a way to collect user input and (either using an algorithm to encrypt it, or some other way) store it in a file so that another user would not be able to just open the file and see the password?

    Thanks!

    FlyingIsFun1217

  2. #2
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    There are many algorithms to encrypt passwords.
    But it depends on your application usage to use which one.
    For example if you have contract with DOD it should be very secure. Anyway here's an example.
    Password is "siavosh"
    We have a table that keeps a number for each character.
    Code:
    {a = 3 , b = 33,..., s = 2, o = 112 , i = 25, v = 12, h = 433 }
    So siavosh will be 2253121122433

    It is the simplest possible algorithm and very easy to decrypt for an expert.

    [off topic] At last this code tag script has been enabled? What a bad news, what a bad script.
    Last edited by siavoshkc; 11-11-2006 at 02:30 AM.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    Is the password just the password for the program, or do you need to pass the password onto something else?

    If it's local, then all you need to do is create a "hash" of the password (eg. md5) and store the hash in the file.

    When you next prompt the user for the password, you hash their input, and compare with the stored hash in the file.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    I was thinking something more along the lines of where the password is analyzed letter/number by letter/number, where each letter/number is assigned a different set of numbers or symbols, so that something like 'password' might be turned into 12312932823.

    Hash encryption sounds good, but how would I do that? Does that involve the user creating a hash that they need to keep? How would that be in terms of comparing?

    Thanks!

    FlyingIsFun1217

  5. #5
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    User selects a password. It will be encrypted and saved somewhere.
    Next time user wants to log on, he/she enters a password. This password will be encrypted with exactly the same algorithm of the saved password. Now if they where equal the enter password is correct.

    Once I used a loop and a (sin(loop_counter) * loop_counter * hashCode) to encrypt characters. So "d" will be "3" somewhere and "843" somewhere else. These are simple algorithms anyway.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  6. #6
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    Are there any good in-depth sites that explain these kind of things? I get the concept, now I just need to learn how to code it so that it actually works...

    Thanks

    FlyingIsFun1217

  7. #7
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    Try googling. It has a link in my sig.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  8. #8
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    I've been google-ing...

    Cant seem to find what I'm looking for

    Basically, at this point, I would like to do something as simple as collect user text, advance each letter, lets say, 7 times, and save the resulting string.

    Are there any sites that have examples of this that are very useful?

    Thanks again!

    FlyingIsFun1217

  9. #9
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  10. #10
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    Thank you

    Mind me asking what search term you used?

    Thanks again!

    FlyingIsFun1217

  11. #11
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Code:
    #include <string>
    
    void encode(std::string& pass) {
    
        for (unsigned int i = 0; i != pass.size(); ++i) {
            pass.at(i) += 7; 
        }
    
    }
    
    void decode(std::string& code) {
    
        for (unsigned int i = 0; i != code.size(); ++i) {
            code.at(i) -= 7; 
        }
    
    }
    
    int main() {
    
        std::string strPassword = "flyingisfun1217"
    
        encode(strPassword);
        decode(strPassword);
    
    }
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  12. #12
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    Thank you, that helps a lot, but now that the string has been encrypted, how do you display it? would you use the standard cout<<strPassword ?

    Thanks again

    FlyingIsFun1217
    ------------------EDIT-------------------

    Ok, it does! thanks for the help, from here I'll probably try to do some editing and stuff.

    Thanks for all the help!

    FlyingIsFun1217
    Last edited by FlyingIsFun1217; 11-11-2006 at 04:50 AM.

  13. #13
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    With that method probably not a good idea. What it does is simply move each character down in the ascii table by 7 positions, as you requested. But it may return non-printable characters. You can still cout it, but non printable characters... will not print or have interesting side effects.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  14. #14
    Registered User
    Join Date
    Oct 2006
    Posts
    118
    Wouldn't that be fine for (in the end) comparing hashes as I determined earlier? Its not that I need to display the encrypted string...

    Thanks!

    FlyingIsFun1217

  15. #15
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    But in order to compare, you don't need to display it.

    - strPassword stores password
    - strUserEnteredPassword stores what password the user attempted
    - if (strUserEnteredPassword == strPassword) you give him access.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. vBulletin vandals and the wisdom of randomly generated passwords
    By abachler in forum A Brief History of Cprogramming.com
    Replies: 2
    Last Post: 12-08-2008, 05:27 PM
  2. Database programming and passwords
    By Squintz in forum Windows Programming
    Replies: 6
    Last Post: 11-19-2003, 09:05 PM
  3. Encrypting and checking passwords in bigger programs
    By TerryBogard in forum C Programming
    Replies: 1
    Last Post: 11-17-2002, 07:21 AM
  4. XOR Encrypting Program Problem (C++)
    By biosx in forum C++ Programming
    Replies: 2
    Last Post: 02-26-2002, 11:28 AM
  5. Encrypting still
    By bitWise in forum C Programming
    Replies: 1
    Last Post: 10-15-2001, 07:26 PM