Re: How good an encryption algorithm is this?
From: Bonj (Bonj_at_discussions.microsoft.com)
Date: 11/25/04
Date: Thu, 25 Nov 2004 04:11:01 -0800
That's a possibility. I'd not like to use the processor ID because someone
could legitimately upgrade their processor and be rightly confused when they
had to log in again. But the hard-drive ID - they would have to set most
things up again then.
"Alex" wrote:
> "Bonj" <benjtaylor at hotpop d0t com> wrote in
> news:#td8ILa0EHA.3972@TK2MSFTNGP12.phx.gbl:
>
> >
> >> If you're using ODBC to communicate with SQL Server, you probably
> >> pass the password to SQLConnect, so whoever has access to the
> >> computer and curious enough can just look what your application
> >> passes.
> >
> > But surely they'd need to understand how to disassemble machine
> > language into assembly and understand where the "pass" takes place
> > in order to do that?
> No, unless you link with ODBC statically. Against a dynamic library one
> can just drop a proxy DLL on that computer.
>
> > Thus wouldn't be able to be done by a layman...
> > At the end of the day, if Bloke A's rival, Bloke B, were to sneak
> > onto Bloke A's computer at lunch time, he could technically run
> > whatever SQL he liked just by starting up my program (that the
> > password encryption security is a minor part of), and running it
> > on the server through the application's interface. But, the crux
> > is, Bloke A would return from lunch, discover Bloke B had done
> > something, and immediately change his password, and make sure he
> > locked his terminal in future - the real question is could Bloke B
> > download a program from the internet, load it onto Bloke A's
> > computer, point it at the registry and my program's application
> > directory, and hey presto, he actually *discovers* the password,
> > to use at his own leisure, from his own computer.
> Wouldn't it be easier to just copy the registry entry "as is" and
> bring it to his computer? If you're trying to protect against it, you
> need, as a minimum, to encrypt using a key unique to the computer
> (for example, through the hash of the mac address, or hard drive id)
>
> Alex.
>
>
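Alex's suggestion of a key unique to the computer, as an added example that is not part of the original thread: the stored blob opens only with the identifiers it was sealed under, so a copied registry value fails on another machine. The function names and the MAC address and disk ID values are constructed, and the HMAC-SHA256 keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

def _keys(mac_addr, disk_id, salt):
    # Machine identifiers are not secrets: code running on the same machine
    # can recompute this key. The binding only defeats copying the blob away.
    ident = f"{mac_addr.lower()}|{disk_id}".encode()
    k = hashlib.pbkdf2_hmac("sha256", ident, salt, 100_000, dklen=64)
    return k[:32], k[32:]  # encryption key, authentication key

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode (stand-in cipher, see lead-in).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(password, mac_addr, disk_id):
    """Return salt | nonce | ciphertext | tag, bound to this machine's IDs."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(mac_addr, disk_id, salt)
    data = password.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(blob, mac_addr, disk_id):
    """Recover the password, or raise ValueError on a foreign or altered blob."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(mac_addr, disk_id, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was not sealed on this machine or was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

def blob_opens(blob, mac_addr, disk_id):
    try:
        unseal(blob, mac_addr, disk_id)
        return True
    except ValueError:
        return False

# Constructed identifiers for two machines (not real hardware values).
MACHINE_A = ("00:11:22:33:44:55", "DISK-A-0001")
MACHINE_B = ("66:77:88:99:AA:BB", "DISK-B-0002")
```

A replaced network card or hard drive makes `unseal` raise on the original machine too, so the application has to ask for the password again, which is the trade-off Bonj raises for the processor ID.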