Password protection

[RaveT]

Hi !! I would like to now how I will be able to password protect my program.

I am buildning a login and account program to manage my accounts and logins for the web.

Now i would like to have a loginform that will pop up when I start my program everytime so only I can access it.

i would also like to add users so they can use my program with their own passwords

thanx

 

[cyprus106]

In the applications cpp makefile, you would want to dynamically create a form right after

Application->Initialize();

and wait for the user input... when the user types in a password do something like:

if (PasswordForm->PswEdit->Text != "cyprus106istheman&quot
{
break;
Application->Terminate();
}

You'd probably want to make the form appear by calling
ShowModal(); that way it acts as a dialog box, just make sure to keep your buttons ModalResult at what you want it and your application makefile in sync with the Cancel and OK and all that. But I guess that's kind of proprietary.

Cyprus

 

[Supernat03]

If you code the password into the program, anyone with an ascii editor could view it. So depending on the level of security you want, you would probably want to add data encryption to your program. There are some pretty good, simple, decently-secure algorithms out there, just check out the net. You could then save the login and password to the Registry and they would be more secure. If you need further ideas or help using the Registry, let me know. I won't give you an algorith for the data encryption because then I would know the key to your software, and that's just bad liability, haha.

Chris

 

[cyprus106]

lol it was just an example. he could use a ceaser cypher if he wanted to move those things over 10 characters and i'd throw off 90% of the people who might care


Cyprus

 

[Supernat03]

I'm sorry, I don't really know of a particular algorithm. There are so many out there on the internet, just do a search. The only one I could throw out off the top of my head that is better than nothing is the same thing cyprus suggested, but you can add a twist to it to make it a little more difficult to crack. ABC = BCD if you shift to the right by 1. The problem is mostly how to store the password so it isn't seen by anyone and blatantly obvious. That just makes it easier for them to crack it.

When the user types in ABC, you could shift out of the alphanumeric range into higher ascii values. Add 90 to each character they type in for instance. Then store that ascii value (it will not be obvious if they don't know what or where they should look for). Then when the program reads that ascii value back in (from the registry let's say), just compare the password they type in with the one you generate from the stored registry value (by subtracting 90 for each character). To add even more twist, embed a more complicated key into the password. The key I just gave example of would be "Out = In + 90 for all values". You can make a key though that will change based on each character.

The user types in ABC. A=0, B=2, C=4 (or some other algorithm of your choice). Store A+90+0, B+90+2, C+90+4 as the three ascii bytes.
Your key here is 2*((int)EachChar - (int)'A');
In other words, 'A' = 0, 'B' = 2*('B' - 'A') = 2, etc.
Embed this function in your program. You may opt to store the key in the registry or embed the key into the program. Don't store it in the registry as "Password Key"... When you read the value from the registry, only your program (with the right key) will be able to unlock the value in the registry(unless someone has a good crack utility).

Read in from the user and compare the decoded value from the registry. It's that simple.

If they type in ABC, you get [RegByte1 - 90 - 0, RegByte2 - 90 - 2, RegByte3 - 90 - 4].

Another type of key you can use is non-function based. It's simply another password used to encode, decode data. If you make a 20 character key in this fashion, you have 20 bit encryption(I think...). So if Key="ABC123YaYaDaDa", the user types in "XYZ", then the encode routine says
'X' + 'A'],['Y' + 'B'],['Z' + 'C']. Doesn't do so much for short passwords. But if the password is the same length as the key, it's excellent.

If you want to get really complex, you need mathematical functions with only one solution from the key that you pick. I can't get into depth though, it's been too long since I had statistics!

Hope this helps,
Chris

 

[2ffat]

One of the easiest cyphers is to use XOR. You XOR each byte with a number to get another byte. To get back to the original byte, XOR your new byte with the same number. Very simple to impliment but very easy to break once someone has "guessed" your XOR number.



James P. Cottingham

When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
[tab][tab]Albert Einstein explaining his Theory of Relativity to a group of journalists.

 

[butthead]

the login screen could be like a splash screen implimetation and the continuation of the program
is dependant upon the input to the login.

feel free to use this for the login encryption.
I hope you can find it useful.

the key can be just about any string of char.

// This function does the actual encryption and decryption.
int Encrypt (char *string, char *Key, int mode)
{
    // This algorithm stays within the keyboard character
    // environment.


        char *s  = new char[1000];
        int x;
        int y;
        int z;
        int len_string;
        int char_value;

        if (mode == ENCRYPT)
        {
            len_string = strlen (string);

            for (x = 0; x < len_string; x++)
            {
                if (string [x] == 0x9)
                    s [x] = 0x9;

                else
                {
                    z = (int) string [x] + ((int) Key [keycount] - 32);
                    if (z <= 126)
                        s [x] = (char) z;
                    else
                    {
                        z = z - 95;
                        s [x] = (char) (z);
                    }

                    keycount++;
                    if (keycount == key_length)
                        keycount = 0;
                }
            }
            s [x] = NULL;
            strcpy (string, s);
        }

        else if (mode == DECRYPT)
        {
            len_string = strlen (string);

            for (x = 0; x < len_string; x++)
            {
                if (string [x] == 0x9)
                    s [x] = 0x9;

                else
                {
                    z = (int) string [x] - ((int) Key [keycount] - 32);
                    if (z >= 32)
                        s [x] = (char) z;
                    else
                    {
                        z = z + 95;
                        s [x] = (char) z;
                    }

                    keycount++;
                    if (keycount == key_length)
                        keycount = 0;
                }
            }
            s [x] = NULL;
            strcpy (string, s);
        }

        delete s;

        return 0;
}

tomcruz.net

 

[RaveT]

when i try to use the code i get these errormessages:
"Undefined symbol 'ENCRYPT'"
"Undefined symbol 'keycount'"
"Undefined symbol 'key_length'"
"Undefined symbol 'DECRYPT'"

Why?? Should I include some .h files or what am i doing wrong!

I just copied the code and paste it into Builder...

 

[Supernat03]

You need to #define them or enumerate them.

#define ENCRYPT 0
#define DECRYPT 1
or
enum mode_type {ENCRYPT, DECRYPT};
I might be a little off on the syntax of enum.

keycount and key_length are just what they say, but I think the code above doesn't initialize or declare them. So you need to add that part.

Chris

 

[butthead]

enum {ENCRYPT,DECRYPT};

int key_length;
char key [1000];
int keycount;

just a random string or any string you like.
char key [] = "jv`;lasfj;aslkjdf;@"
" 8Zsdf39i592375;v"
"&;34o75;23o45oi273o45'P`"
&quot;w<;2bv;jklfdjg;;wo76o)*LV+|,,x&quot;
&quot;^3.H;otw;or4u356;i4645u6;o u342w&quot;;

dont use thabove key string, as I
dont want to be liable.

as I implement it

void EncryptFile (void)
{
    FILE *file;

    if ((file = fopen("encrypt.tmp", "w")) != NULL)
    {
        int x = dynamic_cast<TRichEdit *>(REdit)->Lines->Count;
        int y = 0;   
        int load = 1;
        char *keyptr;

        key_length = strlen (key);
        keycount = 0;

        // Encrypt each individual line of text.
        for (;y < x; y++)
        {
            strcpy (buff1, dynamic_cast<TRichEdit *>(REdit)->Lines->Strings [y].c_str());
            if (!Encrypt (buff1, key, ENCRYPT))
                fprintf (file ,&quot;%s\n&quot;, buff1);

            // If an error occurs this will stop the process and load a
            // message in the status bar.
            else
            {
                Main->StatusBar1->Panels->Items [2]->Text = &quot;Encryption error&quot;;
                y = x;
                load = 0;
            }
        }
        fclose (file);

        if (load)
        {
            encrypted++;

            dynamic_cast<TRichEdit *>(REdit)->PlainText = plaintext;
            dynamic_cast<TRichEdit *>(REdit)->Lines->LoadFromFile (&quot;encrypt.tmp&quot;);

            if (encrypted == 0)
                Main->StatusBar1->Panels->Items [2]->Text = &quot;&quot;;
            if (encrypted < 0)
                Main->StatusBar1->Panels->Items [2]->Text = &quot;Text Decrypted&quot;;
            if (encrypted > 0)
                Main->StatusBar1->Panels->Items [2]->Text = &quot;Text Encrypted&quot;;
        }

        // Clean up.
        file = fopen(&quot;encrypt.tmp&quot;, &quot;w&quot;);
        fclose (file);  
    }
    else
    {
        ShowMessage (&quot;Unable to create the encryption temp file.&quot;);
    }
}

Im sure ther are some unaswered things but I havent Isolated the code fully as yet to get a clean cut and paste. and Im sure you realize that this is not 128 bit encryption.

tomcruz.net

 

[butthead]

please go here I think things will be clearer

http://tomcruz.net/snippets.html

I have made a few changes and I hope the example usage is clear. email me if you have any questions.

thanks Supernat03

tomcruz.net