Re: Encrypting variables

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: David Hodgkins (DavidHodgkins_at_discussions.microsoft.com)
Date: 09/30/04 

Date: Thu, 30 Sep 2004 09:37:05 -0700

"Ralph" wrote:

>
> "David Hodgkins" <DavidHodgkins@discussions.microsoft.com> wrote in message
> news:935F55C8-DC65-4C19-A701-5F97C6B9B467@microsoft.com...
> > Hello all,
> > I have a program that has to use a hard coded UserID and password to
> > access an encrypted file. For example:
> >
> > **********************************************************
> > Dim strX as string 'UserID
> > Dim strYas string 'password
> > Dim strPath as string 'path to the file
> > Dim secFile as New SecureFile 'class to open encrypted file
> >
> > strX = "JoeSmith"
> > strY = "jkdlsw23gh3"
> > strPath = "C:\Program Files\MyDirectory\MyFile.sec"
> >
> > secFile.open strPath,strX, strY
> > **********************************************************
> >
> > The problem with this is taht if someone were to open the exe with a text
> > editor, the username and password are visible. My proposed solution is
> that
> > instead or typing a literal string is to concatinate together the
> individual
> > characters using the Chr() function.
> >
> > Is this a valid method or is there a better method?
>
> You didn't mention the Windows plaform you need to support, so the actual
> library or call will vary, but don't bother creating your own encryption
> routines - they are often buggy and never as safe as the authors think they
> are. Use the routines provided by your OS. Or open Google and start
> searching for one of the many freebies out there.
>
> On Win2k checkout the "CryptAPI".
>
> hth
> -ralph
>
>
>

It is a shrink-wrapped program designed to run on anything from Win98 on up.
The encryption routine is not my own, but that is just an example. I am not
worried about the encrypted file. What I am worried about is someone using
something like TextPad to open the exe and seeing "J.o.e.S.m.i.t.h." and the
password in the same way.

Relevant Pages

  • Re: Data decryption issue
    ... I did try the Convert routines again, ... because I can successfully decrypt a single record at a time. ... That doesn't tell you that the encryption works. ... posted isn't a concise-but-complete sample of code, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How secure are self-extracting encryption files?
    ... > encrypted files to someone who is not using the same encryption software ... The algorithm does not need to be kept secret. ... With a properly-designed self-decrypting .EXE, ... The only vulnerability of a self-extracting .EXE is a "man in the middle" ...
    (comp.os.linux.security)
  • Re: New encryption program and algorithm
    ... trust, sometimes with their life, to protect them and their data. ... With encryption they cannot. ... There are loads of encrytion routines out there that will ... That fear has no sympathy from me at all. ...
    (talk.politics.crypto)
  • Re: New encryption program and algorithm
    ... trust, sometimes with their life, to protect them and their data. ... With encryption they cannot. ... garbage, but some will actually protect their data and some IS just ... There are loads of encrytion routines out there that will ...
    (talk.politics.crypto)
  • Re: Encrypting Data in SQL 2000
    ... .Net encryption ... routines offer a higher level interface to CryptoAPI. ... The encryption in SQL ...
    (microsoft.public.sqlserver.security)