Thread: File security

I have 2 questions :

1) I plan to store some username and password and other information in text files, i need some advice on how I may encrypt the data through coding so that when someone opens the file, he/she would not be able to decipher wat's written.

2) Is there anyway to prevent a user from opening a file so as to prevent corruption to the contents of that file?

1) There are some libraries out there you could use, such as the 'crypt' library, or something like MD5. Search Google for programming and encryption libraries or something and I'm sure you'll get a number of hits.

2) This will be OS specific, and there is no way to permanently lock a file so that it is unreadable. You'll want to encrypt it and use a checksum to prevent tampering. Then when you read it, check the checksum to make sure it hasn't been changed. Again, visit google for more info on checksumming.

[edit] Curses! Foiled again. [/edit]

Quzah.

if u are developing the app in windows then u can use the Crypto API for windows .... The best materail u should read is the msdn ...

Chances are you want to use a one-way hash (MD5 like Quzah mentioned is an example). Here are a few others that come to mind: RIPE-MD, Tiger, SHA-1. Anyways, a search for one-way hash functions will probably find you a few more. The Crypto API is probably a bit much if your not making an encryption program.

Basically, what you do with a one-way hash is encrypt whatever the user enters, and compare it to the values stored in the file (since the hash function cannot be uniquely reversed).

2) This will be OS specific, and there is no way to permanently lock a file so that it is unreadable. You'll want to encrypt it and use a checksum to prevent tampering. Then when you read it, check the checksum to make sure it hasn't been changed. Again, visit google for more info on checksumming.

Check out cyclic-redundancy-checks (CRC). One-way hashes can also be used for that purpose, however.

i see, wow...

all this encryption thing really scares me...dun really know bout the terms u ppl have just mentioned, will try to check the msdn for more info...

wat i would need is some tutorials to help me, i think that'll be great for a start...

U can check out the msdn.microsoft.com for more info on the microsoft crypto provider...U can also find out code for MD5 , Rjin etc .. from the neet google.com ...or search for this book Applied cryptography its free and contains the sorce code for quite a few encryption algorithms...

okay, i've done a bit of reading and have decided to use some basic form of encryption for that purpose...

now wat i would like to know is about CRC, how should it be implemented to check if a file has been tampered with or not?

okay, but is it possible to implement it? or how difficult is it?

i see, u done it b4?

Salem has probably either done it or could do it. If you decide to go ahead with CRC, Google around a bit and then ask specific questions here.

here are some links

googles has it all...
http://directory.google.com/Top/Scie...hy/Algorithms/

if you live in north america look here. if not your prohibited from viewing this page.
http://cryptography.org/

crc
http://www.sewelld.com/CppSourceCode.asp\

md5 one way hash
rfc1321
ftp://ftp.rfc-editor.org/in-notes/rfc1321.txt

http://www.counterpane.com/blowfish-download.html
blowfish. easy, simple, secure. its a simple block cipher.

from Applied Crytography
symmetric algorithms can be divided into two categories. Some operate on the plaintext a single bit at a time; these are called stream algorithms or stream ciphers. Others operate on plaintext in groups of bits. The group of bits are called blocks, and the algorithms are called block algorithms or block ciphers.

basicly the above say that stream ciphers can encrypt any number of bites and block ciphers can encrypt only full blocks of data.
so you'll need to create a buffer of blocks and fill it with your data.
see the below code.

i dont know if i'm using bytes and bits in the right spots.

Code:

cpp code
//you'll need something like this.
//returns a pointer to an array of 64-bite blocks.
//this pointer needs to be 'delete[]' ed when your finished
unsigned long* blf_padData( void* data, const unsigned int len, int &NumofBlocks){
    unsigned long* pdata = 0;//pointer to the padded data.
    unsigned long  temp;
        
    if (!data)
        return NULL;
    
    //get the size of the buffer needed
    NumofBlocks = len/8;    //64-byte blocks == 8 bits
    if (0 != len%8)         //if it doesnt fit perfect then add a block
        NumofBlocks++;                             
    
    //make the buffer
    pdata = new unsigned long[NumofBlocks*2];    //8 = sizeof(unsigned long)*2 = 64-bit block
    
    if (!pdata)
        return NULL;
   
    memset(pdata, 0, sizeof(pdata));
    memcpy(pdata, data, len);
    
    return pdata;
}

they are trying and thats all it takes to make it legal
just like my fav link. "click here if your over 18. and here if your not"