Joe,
WOW! and Thanks!
But, what in the world is MD5?
I did check the LR, and did see what MD5 is all about but, could you show me
a simple piece of code that would work. All I need is for the Password to
be encrypted, then saved to a text file.
Thanks though for the great advise,
Jonathon
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "REALbasic NUG" <[email protected]>
Sent: Monday, May 01, 2006 8:54 AM
Subject: Re: PASSWORD PROTECTED data in Text file saved how?
Jonathon Bevar wrote:
If I wanted to save a User and Password editfields, mind you I am using
the
Password mask in the Password editfield, how would the password editfield
be
saved?
Save the MD5 hash of it. Then, to check the user's entered password
against what's saved in the file, compute the MD5 of what the user
entered, and compare it to what's in the file.
Is there some auto-encryption when saved to an .ini or text file?
No.
1> I want this to be easy and for all platforms so hiding it in the
registery is non-sinse to me. A simple text file should be fine if the
editfield data is encrypted already.
Agreed.
2> If this is not the case then, is there an easy encryption method I
could
use to encrypt the Password data to a simple text file?
Yep, MD5.
3> And of course a way of un-encrypt the file to view it to check if it
is
the correct password.
No, you don't want that. If there were an easy way for you to un-encrypt
the password, then that would be an easy way for others to do it, too.
Instead, all you need is a way to encrypt (hash) what the user enters in
the same way it was done originally, so you can compare it to what's in
the file.
This still leaves your users vulnerable to a dictionary attack, of course
(where the bad guy computes the MD5 of every word in the dictionary,
looking for one that matches what's stored for the password). So tell
your users not to pick a password that's a real word.
I am creating a diary log for patients and one end-user wants a password
protected log as he has other members in his family that he does not want
'snooping' in his personal log entries. I don't blame him.
Hmm, I see I didn't fully appreciate your needs; you need to encrypt not
just the password, but the data as well. But the advice above about using
MD5 to store the password is still useful; just treat "storing the
password" and "storing the data" as two different problems. A one-way
encryption (e.g. MD5) is still the best way to store the password.
As for the data, you'll need to do something else. For industrial-grade
encryption, you'll probably need to use a plugin or find a library, as
that code can be quite complex. But there are some relatively simple
things you can do that may be good enough for an app like this. Here's an
example:
1. Put the data to be encrypted into a MemoryBlock (m1).
2. Make a second MemoryBlock (m2) of the same size, and fill this with the
password repeated over and over.
3. Now, zip through the data like this:
for i = 0 to m1.Size - 1
m1.Byte(i) = BitwiseXOR( m1.Byte(i), m2.Byte(i) )
next
This computes the XOR of the data with the password. This will work to
both encrypt and decrypt the data. I want to stress that any serious
cryptographer with a decent amount of data encoded this way could crack it
without breaking a sweat, but it would certainly stump any "normal"
person, and it's easy to implement.
HTH,
- Joe
--
Joe Strout -- [EMAIL PROTECTED]
Available for custom REALbasic programming or instruction.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.5.1/327 - Release Date: 4/28/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.5.1/327 - Release Date: 4/28/2006
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
