-
Encrypting passwords
Hey,
For a program that I'm creating, it is necessary for the user of the program to create a profile, which includes a username and a password. Thing is, the password is being stored in a flat file, so obviously that brings up some security questions.
My question to everybody is this: is there a way to collect user input and (either using an algorithm to encrypt it, or some other way) store it in a file so that another user would not be able to just open the file and see the password?
Thanks!
FlyingIsFun1217
-
There are many algorithms to encrypt passwords.
But which one to use depends on your application's usage.
For example, if you have a contract with the DOD, it should be very secure. Anyway, here's an example.
Password is "siavosh"
We have a table that keeps a number for each character.
Code:
{a = 3 , b = 33,..., s = 2, o = 112 , i = 25, v = 12, h = 433 }
So siavosh will be 2253121122433
It is the simplest possible algorithm and very easy to decrypt for an expert.
[off topic] At last this code tag script has been enabled? What bad news, what a bad script.
-
Is the password just the password for the program, or do you need to pass the password onto something else?
If it's local, then all you need to do is create a "hash" of the password (e.g. md5) and store the hash in the file.
When you next prompt the user for the password, you hash their input, and compare with the stored hash in the file.
-
I was thinking something more along the lines of where the password is analyzed letter/number by letter/number, where each letter/number is assigned a different set of numbers or symbols, so that something like 'password' might be turned into 12312932823.
Hash encryption sounds good, but how would I do that? Does that involve the user creating a hash that they need to keep? How would that be in terms of comparing?
Thanks!
FlyingIsFun1217
-
User selects a password. It will be encrypted and saved somewhere.
Next time the user wants to log on, he/she enters a password. This password will be encrypted with exactly the same algorithm as the saved password. Now if they were equal, the entered password is correct.
Once I used a loop and a (sin(loop_counter) * loop_counter * hashCode) to encrypt characters. So "d" will be "3" somewhere and "843" somewhere else. These are simple algorithms anyway.
-
Are there any good in-depth sites that explain these kinds of things? I get the concept, now I just need to learn how to code it so that it actually works...
Thanks :)
FlyingIsFun1217
-
Try googling. It has a link in my sig.
-
I've been google-ing...
Can't seem to find what I'm looking for :(
Basically, at this point, I would like to do something as simple as collect user text, advance each letter, let's say, 7 times, and save the resulting string.
Are there any sites that have examples of this that are very useful?
Thanks again!
FlyingIsFun1217
-
-
Thank you :)
Mind me asking what search term you used?
Thanks again!
FlyingIsFun1217
-
Code:
#include <string>

// Shift every character up by 7 positions (trivially reversible).
void encode(std::string& pass) {
    for (std::string::size_type i = 0; i != pass.size(); ++i) {
        pass.at(i) += 7;
    }
}

// Undo encode() by shifting every character back down by 7.
void decode(std::string& code) {
    for (std::string::size_type i = 0; i != code.size(); ++i) {
        code.at(i) -= 7;
    }
}

int main() {
    std::string strPassword = "flyingisfun1217";
    encode(strPassword);
    decode(strPassword);
}
-
Thank you, that helps a lot, but now that the string has been encrypted, how do you display it? Would you use the standard cout<<strPassword ?
Thanks again :)
FlyingIsFun1217
------------------EDIT-------------------
Ok, it does! Thanks for the help, from here I'll probably try to do some editing and stuff.
Thanks for all the help!
FlyingIsFun1217
-
With that method, probably not a good idea. What it does is simply move each character down in the ASCII table by 7 positions, as you requested. But it may return non-printable characters. You can still cout it, but non-printable characters... will not print or have interesting side effects.
-
Wouldn't that be fine for (in the end) comparing hashes as I determined earlier? It's not that I need to display the encrypted string...
Thanks!
FlyingIsFun1217
-
But in order to compare, you don't need to display it.
- strPassword stores password
- strUserEnteredPassword stores what password the user attempted
- if (strUserEnteredPassword == strPassword) you give him access.
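
The hash-and-compare approach suggested earlier in the thread, together with the comparison step in the last post, as an added example that is not part of the original thread. It is written in Python and uses salted PBKDF2-HMAC-SHA256 from the standard library in place of the md5 mentioned above; the record layout, function names and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware


def make_record(username: str, password: str) -> str:
    """Build one flat-file line: username:iterations:salt_hex:hash_hex."""
    if ":" in username or "\n" in username:
        raise ValueError("username may not contain ':' or a newline")
    salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{username}:{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def verify(record: str, username: str, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    try:
        name, iterations, salt_hex, hash_hex = record.strip().split(":")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed line: fail closed
    if name != username or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest, stored)


def save_profile(path: str, username: str, password: str) -> None:
    # Append the record; the plaintext password is never written to disk.
    with open(path, "a", encoding="utf-8") as f:
        f.write(make_record(username, password) + "\n")


def check_login(path: str, username: str, attempt: str) -> bool:
    with open(path, encoding="utf-8") as f:
        return any(verify(line, username, attempt) for line in f)
```

Only the salt and the derived hash reach the file, so opening it does not reveal the password the way the shift or lookup-table encodings do.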