Thread: Advice on storing a password

  1. 07-08-2006 #1
    (TNT)
    (TNT) is offline
    Registered User (TNT)'s Avatar
    Join Date
    Aug 2001
    Location
    UK
    Posts
    339

    Advice on storing a password

    Hi,

    I need my program to store a password, in a file. And the program is going to be open source.

    So baring in mind the encryption algorithm will be easy to obtain, the security rests in the key. With this in mind I am unsure what the best option to use as the key would be, without the user entering a key. I considered using basic XOR on the password using the volume serial number as the key, but this does not seem good in the long term.

    Any ideas on what a decent way to do this would be?

    Thanks
    Jack
    TNT
    You Can Stop Me, But You Cant Stop Us All
  2. 07-08-2006 #2
    whiteflags
    whiteflags is offline
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,612
    Only store an encrypted version of the password. Then you would encrypt user input and compare that. That way it is reasonably difficult to crack: they would most likely be reduced to decrypting the stored password by hand.

    I'd also write this kind of thing in a binary file so you avoid writing the password itself in the source, and it isn't legible by humans.

    ...It's a reasonable start.
  3. 07-09-2006 #3
    jafet
    jafet is offline
    Registered User
    Join Date
    Mar 2006
    Posts
    725
    You could use some hash algorithm like SHA (SHA2 variants are recommended for high security applications) to hash the password; reversing the hash would be difficult. You wouldn't need to store the key anywhere: there is no key anyway. You can then store the hash in the binary without much problem.

    As always, ask your user to supply strong passwords in the first place, and use salts.
    Code:
    #include <stdio.h>

void J(char*a){int f,i=0,c='1';for(;a[i]!='0';++i)if(i==81){
puts(a);return;}for(;c<='9';++c){for(f=0;f<9;++f)if(a[i-i%27+i%9
/3*3+f/3*9+f%3]==c||a[i%9+f*9]==c||a[i-i%9+f]==c)goto e;a[i]=c;J(a);a[i]
='0';e:;}}int main(int c,char**v){int t=0;if(c>1){for(;v[1][
t];++t);if(t==81){J(v[1]);return 0;}}puts("sudoku [0-9]{81}");return 1;}
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Problem reading a password from a file.
    By medeshago in forum C Programming
    Replies: 15
    Last Post: 12-21-2008, 07:20 AM
  2. [Q]Hide Password
    By Yuri in forum C++ Programming
    Replies: 14
    Last Post: 03-02-2006, 03:42 AM
  3. Storing a password
    By Hannes in forum C++ Programming
    Replies: 3
    Last Post: 02-12-2005, 01:16 PM
  4. written command line password generator
    By lepricaun in forum C Programming
    Replies: 15
    Last Post: 08-17-2004, 08:42 PM
  5. password
    By hammers6 in forum C Programming
    Replies: 1
    Last Post: 10-10-2001, 12:14 AM