Im making a program in Visual Basic 2008 that requires you to log in, I wish to make the program where it reads a file which tells it the usernames and passwords. Because anyone would be able to just open a text file and read the usernames and passwords I wish to make a custom file type in which only my program is able to open and read. This will the allow the passwords and usernames to be safe. What i want to know is how can i make a custom file type and allow my program to access it? (sorry for the very long run-on sentence)
You want to encrypt the file.
How would i encrypt the file?
[url]http://www.example-code.com/vb/encryption.asp[/url]
Here's a full page or encryption examples.
Can i make my own? Or what? All i really want to do is make the file readable by my program alone.
[QUOTE=zman115;19620746]Can i make my own? Or what? All i really want to do is make the file readable by my program alone.[/QUOTE]
You cannot do that. but you can make the contents of the file decryptable only by you.
The only way to do what you want is to employ some sort of encryption.
Wouldn't it be easier to get the files from an external database. (or internal)
yea, how would i have the program read from a external database?
[QUOTE=jA_cOp;19620969]You cannot do that. but you can make the contents of the file decryptable only by you.
The only way to do what you want is to employ some sort of encryption.[/QUOTE]
Then I open up my ollydbg and I crack his encryption.
[QUOTE=zman115;19621198]yea, how would i have the program read from a external database?[/QUOTE]
If it is binary data you'll want to serialize. Otherwise just a simple insert with whatever text (after encryption).
[editline]10:37PM[/editline]
[QUOTE=Eleventeen;19621239]Then I open up my ollydbg and I crack his encryption.[/QUOTE]
Unless he stores the key in program then ollydbg will only tell you his method. (If poor then it will help, but still some brute force would still be needed).
would this external database be a website or a file on a server?
[QUOTE=zman115;19621277]would this external database be a website or a file on a server?[/QUOTE]
You said that you would be putting it on/pulling it off a "database", shouldn't you know what "database" your using?
lets stop this train for a bit, can someone first help me with how to take passwords that are entered then encrypt them?
Are you asking for help, or are you asking people to code for you?
[QUOTE=windwakr;19621684]
But anyways zman115, [url=http://en.wikipedia.org/wiki/ROT13]just rotate each character 13 places[/url](a becomes n, b-o, etc.) and then xor the whole thing with a key. To decrypt, just xor again with that key and perform another ROT13.[/QUOTE]
That will keep pretty much nobody out. ROT13 is not encryption.
[QUOTE=windwakr;19621684]he could see the key as it accesses it to do the decrypting[/QUOTE]
... you [I]don't know[/I] the key so it will never enter the program if you just sit around in your favorite debugger.
[QUOTE=jA_cOp;19621835]... you [I]don't know[/I] the key so it will never enter the program if you just sit around in your favorite debugger.[/QUOTE]
How will the program know if the key is right without checking a variable stored in the executable?
[QUOTE=windwakr;19621903]-snip-
Ok, think what you want :downs:
I'm not going to argue with someone who has absolutely no clue what they're talking about.[/QUOTE]
[QUOTE=Eleventeen;19621959]How will the program know if the key is right without checking a variable stored in the executable?[/QUOTE]
Did you both fail to read above?
[QUOTE=bord2tears;19621250][highlight]Unless he stores the key in program[/highlight] then ollydbg will only tell you his method. [/QUOTE]
Nobody ever said you should store a key in the executable. That's not encryption.
An encryption key is not equal to a password. You send the key and the encrypted data into the decryption algorithm and if you get your unencrypted data out, it was the correct key. Details vary from algorithm to algorithm.
[QUOTE=Eleventeen;19621959]How will the program know if the key is right without checking a variable stored in the executable?[/QUOTE]
How about I write a simple executable with a key stored in the program itself and see if you can use your magical ollydbg skillz to decrypt the file, because I'd love to see this happen.
Also to contribute to the OP's topic: I recommend you google simple encoding methods in C++ like base32 or something.
The OP only wishes to make the password unreadable by humans, really anything that stores a password on the computer will be breakable one way or another.
[QUOTE=windwakr;19621684][url=http://en.wikipedia.org/wiki/ROT13]just rotate each character 13 places[/url][/QUOTE]
Funny how you embedded that link in your post:
[QUOTE=Wikipedia]The algorithm provides no real cryptographic security and should never be used for such. It is often cited as a canonical example of weak encryption.[/QUOTE]
Again, ROT13 is not encryption and is completely irrelevant to what he wants to do.
[QUOTE=XCIV;19622051]Also to contribute to the OP's topic: I recommend you google simple encryption methods in C++ like base32 or something.[/QUOTE]
Encryption != encoding.
[QUOTE=XCIV;19622051]The OP only wishes to make the password unreadable by humans, really anything that stores a password on the computer will be breakable one way or another.[/QUOTE]
He shouldn't store an unencrypted password on his computer, especially not make an application that expects its users to do the same.
[QUOTE=XCIV;19622051]How about I write a simple executable with a key stored in the program itself and see if you can use your magical ollydbg skillz to decrypt the file, because I'd love to see this happen.[/QUOTE]
Sure, why not.
[editline]04:40PM[/editline]
[QUOTE=zman115;19620104]I wish to make a custom file type in which only my program is able to open and read. This will the allow the passwords and usernames to be safe. What i want to know is how can i make a custom file type and allow my program to access it?[/QUOTE]
The program has to have a key of some sort embedded in it to translate the data to valid data.
[QUOTE=jA_cOp;19622087]
He shouldn't store an unencrypted password on his computer, especially not make an application that expects its users to do the same.[/QUOTE]
The OP barley knows how to use google, what the hell do you think he's making...
[QUOTE=Eleventeen;19622112]The program has to have a key of some sort embedded in it to translate the data to valid data.[/QUOTE]
The key doesn't have to be embedded, it can come from anywhere. It never should be left static anywhere (unless it's a public key coupled with a private one).
[QUOTE=XCIV;19622159]The OP barley knows how to use google, what the hell do you think he's making...[/QUOTE]
Agreed, I don't think he needs encryption either. I think he should have his application query the user every time for their username and password. Or make the application accept the credentials as command line arguments, so he could make a simple script containing his current credentials while testing.
But I don't think that makes it a very good idea to make it seem like encoding will make his password safe. You never know where he'll put the program or who he will give it to if he's sure his password is safe.
[QUOTE=jA_cOp;19622161]The key doesn't have to be embedded, it can come from anywhere. It never should be left static anywhere (unless it's a public key coupled with a private one).[/QUOTE]
Give me an example on how you'd do it.
[QUOTE=windwakr;19622173]Like XCIV said, it just needs to be unreadable to anyone who happens to open it up. That's all the OP asked for, NOT anything complex. Take some bad readings.[/QUOTE]
Some people just like to argue.
[QUOTE=Eleventeen;19622186]Give me an example on how you'd do it.[/QUOTE]
I think he means, you could retrieve it from say an online source.
[QUOTE=Eleventeen;19622186]Give me an example on how you'd do it.[/QUOTE]
I edited my post after your replies.
[QUOTE=XCIV;19622205]
I think he means, you could retrieve it from say an online source.[/QUOTE]
That would certainly be one way, but I'm really just for no encryption at all.
I did read his first post and I do know what he means. I'm replying to the people that might make him think encoding equals encryption, and that encoding makes his file safe or otherwise usable only by his program.
[QUOTE=XCIV;19622205]I think he means, you could retrieve it from say an online source.[/QUOTE]
Yes but then I could just find the online source from the executable.
[QUOTE=Eleventeen;19622290]Yes but then I could just find the online source from the executable.[/QUOTE]
The point would be to have some kind of verification program run on the server, sending the actual data (not a key) only if the request was sound (name? email? password? internet address? MAC address? Whatever suits the current situation.)
Not sure what XCIV were talking about if he meant something else.
Don't use encryption here, unless you're using the operating system's keyring it's completely worthless.
"encrypting" things like this just makes people think their passwords are safe when they're really not at all safe, ergo it's not just a waste of time, it's counter-productive.
Short answer: Don't.
[editline]05:10PM[/editline]
[url]http://developer.pidgin.im/wiki/PlainTextPasswords[/url]
[QUOTE=jA_cOp;19622349]The point would be to have some kind of verification program run on the server, sending the actual data (not a key) only if the request was sound (name? email? password? internet address? MAC address? Whatever suits the current situation.)[/QUOTE]
Exactly, but sending the request has all the sound data, so I could trace that.
Yeah, not if it's done properly.
Sorry, you need to Log In to post a reply to this thread.
