Jonathon Bevar wrote:

> If I wanted to save a User and Password editfields, mind you I am using the 
> Password mask in the Password editfield, how would the password editfield be 
> saved?

Save the MD5 hash of it.  Then, to check the user's entered password against 
what's saved in the file, compute the MD5 of what the user entered, and compare 
it to what's in the file.

> Is there some auto-encryption when saved to an .ini or text file?

No.
 
> 1> I want this to be easy and for all platforms so hiding it in the 
> registry is nonsense to me.  A simple text file should be fine if the 
> editfield data is encrypted already.

Agreed.

> 2> If this is not the case then, is there an easy encryption method I could 
> use to encrypt the Password data to a simple text file?

Yep, MD5.

> 3> And of course a way of un-encrypt the file to view it to check if it is 
> the correct password.

No, you don't want that.  If there were an easy way for you to un-encrypt the 
password, then that would be an easy way for others to do it, too.  Instead, 
all you need is a way to encrypt (hash) what the user enters in the same way it 
was done originally, so you can compare it to what's in the file.

This still leaves your users vulnerable to a dictionary attack, of course 
(where the bad guy computes the MD5 of every word in the dictionary, looking 
for one that matches what's stored for the password).  So tell your users not 
to pick a password that's a real word.

> I am creating a diary log for patients and one end-user wants a password 
> protected log as he has other members in his family that he does not want 
> 'snooping' in his personal log entries.  I don't blame him.

Hmm, I see I didn't fully appreciate your needs; you need to encrypt not just 
the password, but the data as well.  But the advice above about using MD5 to 
store the password is still useful; just treat "storing the password" and 
"storing the data" as two different problems.  A one-way encryption (e.g. MD5) 
is still the best way to store the password.

As for the data, you'll need to do something else.  For industrial-grade 
encryption, you'll probably need to use a plugin or find a library, as that 
code can be quite complex.  But there are some relatively simple things you can 
do that may be good enough for an app like this.  Here's an example:

1. Put the data to be encrypted into a MemoryBlock (m1).
2. Make a second MemoryBlock (m2) of the same size, and fill this with the 
password repeated over and over.
3. Now, zip through the data like this:

  for i = 0 to m1.Size - 1
    m1.Byte(i) = BitwiseXOR( m1.Byte(i), m2.Byte(i) )
  next

This computes the XOR of the data with the password.  This will work to both 
encrypt and decrypt the data.  I want to stress that any serious cryptographer 
with a decent amount of data encoded this way could crack it without breaking a 
sweat, but it would certainly stump any "normal" person, and it's easy to 
implement.

HTH,
- Joe

--
Joe Strout -- [EMAIL PROTECTED]
Available for custom REALbasic programming or instruction.
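
An added example, not part of the original message and written in Python rather than REALbasic: the store-a-hash-and-compare check described above, with a per-user random salt and PBKDF2-HMAC-SHA256 substituted for bare MD5, so that identical passwords stop producing identical records and each dictionary guess costs more work. The record format, function names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune to the target hardware


def md5_record(password: str) -> str:
    """Unsalted MD5 as in the message: the same password always gives the same record."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build one text-file line: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-hash the entered password with the stored salt; compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = record.strip().split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed, truncated or hand-edited line in the file
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    print("md5   :", md5_record("tulip"), md5_record("tulip"))  # identical records
    a, b = make_record("tulip"), make_record("tulip")
    print("salted:", a.split("$")[3][:16], b.split("$")[3][:16])  # differ
    print("check :", verify("tulip", a), verify("Tulip", a))
```

The stored line still cannot be turned back into the password; verification only ever re-hashes what the user typed.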
