Well, I have done it, I created a login using the encryption object. YOu create your username and password and it is encrypted. Then you login. If you have the exact right password and username then it decrypts the file and it works. However, if you don't have the right information, it decrypts anyway and corrupts the user file.
I need a way to make it check to make sure the password matches the one in the file prior to decryption. Any ideas? I thought about using a seperate file, but this does jeapordize security. Im looking for an easier way.
I am using the blowfish encryption/decryption object by the way.
with encryption you don't compare the password to a saved one. you use the password AS the key to the encryption
(Well, I'd think so anyway but i'm not sure)
Edited by the Author.
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G
whatever you do, it'll never be safe if its gonna check if its correct first.. don't we all hate windows?
"If Darl McBride was in charge, he'd probably make marriage unconstitutional too, since clearly it de-emphasizes the commercial nature of normal human interaction, and probably is a major impediment to the commercial growth of prostitution."
-- Linus Torvalds, December 5th 2003.
(Darl McBride is CEO of The SCO Group)
this place sucks but don't tell anyone, it's our little secret, ok?
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G
sorry, i didnt explain too well. Let's say your file has a 5-byte tag (it can be anything... as long as it's unique). when the password is set, the whole file (including the tag) is encrypted using the password as a key. When decrypting, the password is used as a decrypt key, and if they result of the decrypt contains the specific 5-byte tag you added, the password must be correct
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G
Yeah, thats where I run into problems. When I login or whatever...it works. The First time, the second time, ect. AS Long as the password and username are incorrect.
If I try to set them to something wrong, it says it's incorrect like it should...but when I try to login again it doesn't work.
of course it is windows fault.. if everyone had a 'NIX you wouldn't have to bother about security
"If Darl McBride was in charge, he'd probably make marriage unconstitutional too, since clearly it de-emphasizes the commercial nature of normal human interaction, and probably is a major impediment to the commercial growth of prostitution."
-- Linus Torvalds, December 5th 2003.
(Darl McBride is CEO of The SCO Group)
this place sucks but don't tell anyone, it's our little secret, ok?
when you're decrypting, copy the save to a temporary file (file1.sav -> file1.tmp or whatever) and decrypt that instead. if the password is correct either decrypt the original file with the same key or replace the original file with the decrypted .tmp (then delete the tmp)
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G
What I do in my RPG is copy the encrypted file, then decrypt it. If it decrypts wrong, the original is safely intact. After it loads the information from the file(checking that the username matches) it deletes the file. All that happens in about 1 second, so it's kinda hard for anyone to catch their comp in the act.
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G