Which encryption method to use?
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
You could use a simple xor on the password. I think the standard way is to use a MD5 hash or SHA hash. You hash the user password and store the hash in the registry. After you get the plain text password from the user you then hash the password and then compare the hash value to the hash value stored in the registry. This way even if the registry is compromised the password is not stored in the clear. Forever Developing
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
I don't know what is you application for, but if you need increased security you need to change the way you store user/password. You could encrypt the passwords with any algoritm you want, but if someone modifies the registry and sets the password to null, all you security is f****d up. If you still want to store the info in the registry, and want the users to think that they have improved security, just add 100 or some random number to the string, and is the same.
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
StoneRaven wrote:
so I would like to encrypt/decrypt the username and passwords
RC4[^] is well suited for you need
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
cheers, Alok Gupta VC Forum Q&A :- I/ IV
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
If you want to use Win encryption as simply as possible then use CryptProtectData()/CryptUnprotectData() to encrypt/decrypt the secret data before/after writing/reading the registry. These will allow you to use either the machine key (any user on machine can decrypt the data), or the current user key (only that user can decrypt the data). ...cmk Save the whales - collect the whole set
-
If you want to use Win encryption as simply as possible then use CryptProtectData()/CryptUnprotectData() to encrypt/decrypt the secret data before/after writing/reading the registry. These will allow you to use either the machine key (any user on machine can decrypt the data), or the current user key (only that user can decrypt the data). ...cmk Save the whales - collect the whole set
How do I go about getting a storable value from the encrypted DATA_BLOB that can be stored/recovered from the registry and re-inserted in a new DATA_BLOB struct for decryption later on? Thanks...
-
I have a simple C++6.0/MFC SDI application that has some username/passwords associated with it. Up to now I have stored these items in the registry since there was no real security needs. However, there are now a few users who are requesting some increased security so I would like to encrypt/decrypt the username and passwords. I have searched for and found many encryption downloads but was wondering if there is any consensus on a preferred one. I just need to encrypt/decrypt a string as simply as possible, with moderate security. Thanks for your time and any assistance. StoneRaven
if you are putting the app into the public domain, then I suggest that you use at least des56. The hackers out there WILL try to break your encryption and if you use xor or bit flipping, they will break it and post the findings on a hundred hacker bulletin boards. MS has some simple envelope and password encrypt functions in their csp that make it easy or there are many examples out there. I bury a long password in code somewhere and use it as the password to encrypt/decrypt the envelope. Be sure to obfuscate your code or that part where the password is hidden to thwart decompliers. http://msdn.microsoft.com/msdnmag/issues/03/11/NETCodeObfuscation