The Daily Click ::. Forums ::. Klik Coding Help ::. Creating a login with the Encryption Object....one last thing.
 

Post Reply  Post Oekaki 
 

Posted By Message

DEC Stuff



Registered
  07/07/2003
Points
  1348
17th September, 2003 at 19:51:38 -

Well, I have done it, I created a login using the encryption object. YOu create your username and password and it is encrypted. Then you login. If you have the exact right password and username then it decrypts the file and it works. However, if you don't have the right information, it decrypts anyway and corrupts the user file.

I need a way to make it check to make sure the password matches the one in the file prior to decryption. Any ideas? I thought about using a seperate file, but this does jeapordize security. Im looking for an easier way.

I am using the blowfish encryption/decryption object by the way.

 
http://www.decstuff.net

Kris

Possibly Insane

Registered
  17/05/2002
Points
  2017
18th September, 2003 at 07:24:33 -

with encryption you don't compare the password to a saved one. you use the password AS the key to the encryption

(Well, I'd think so anyway but i'm not sure)

Image Edited by the Author.

 
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G

Aali [Crazy_Productions]



Registered
  13/10/2002
Points
  843
18th September, 2003 at 13:15:11 -

whatever you do, it'll never be safe if its gonna check if its correct first.. don't we all hate windows?

 
"If Darl McBride was in charge, he'd probably make marriage unconstitutional too, since clearly it de-emphasizes the commercial nature of normal human interaction, and probably is a major impediment to the commercial growth of prostitution."
-- Linus Torvalds, December 5th 2003.

(Darl McBride is CEO of The SCO Group)


this place sucks but don't tell anyone, it's our little secret, ok?

Kramy



Registered
  08/06/2002
Points
  1888
18th September, 2003 at 13:26:54 -

I came up with a way, but it's no safer, since if the user moves the file it doesn't decrypt right anymore. Image.gif"></IMG>

 
Kramy

Kris

Possibly Insane

Registered
  17/05/2002
Points
  2017
18th September, 2003 at 13:33:15 -

"don't we all hate windows?"

Uh... It's not Windows' fault

 
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G

DEC Stuff



Registered
  07/07/2003
Points
  1348
18th September, 2003 at 15:09:30 -

Wait wait. If it's the correct password it decrypts correctly, but if it isn't it doesnt encrypt at all?

Those aren't the results Im getting.

If you decrypt with the wrong password then the file gets corrupted...or doesn't work. Any ideas?

 
http://www.decstuff.net

Kris

Possibly Insane

Registered
  17/05/2002
Points
  2017
18th September, 2003 at 15:49:02 -

sorry, i didnt explain too well. Let's say your file has a 5-byte tag (it can be anything... as long as it's unique). when the password is set, the whole file (including the tag) is encrypted using the password as a key. When decrypting, the password is used as a decrypt key, and if they result of the decrypt contains the specific 5-byte tag you added, the password must be correct

 
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G

DEC Stuff



Registered
  07/07/2003
Points
  1348
18th September, 2003 at 17:49:25 -

Yeah, thats where I run into problems. When I login or whatever...it works. The First time, the second time, ect. AS Long as the password and username are incorrect.

If I try to set them to something wrong, it says it's incorrect like it should...but when I try to login again it doesn't work.

Any ideas?

 
http://www.decstuff.net

Aali [Crazy_Productions]



Registered
  13/10/2002
Points
  843
19th September, 2003 at 04:28:59 -

of course it is windows fault.. if everyone had a 'NIX you wouldn't have to bother about security

 
"If Darl McBride was in charge, he'd probably make marriage unconstitutional too, since clearly it de-emphasizes the commercial nature of normal human interaction, and probably is a major impediment to the commercial growth of prostitution."
-- Linus Torvalds, December 5th 2003.

(Darl McBride is CEO of The SCO Group)


this place sucks but don't tell anyone, it's our little secret, ok?

Kris

Possibly Insane

Registered
  17/05/2002
Points
  2017
19th September, 2003 at 04:33:30 -

when you're decrypting, copy the save to a temporary file (file1.sav -> file1.tmp or whatever) and decrypt that instead. if the password is correct either decrypt the original file with the same key or replace the original file with the decrypted .tmp (then delete the tmp)

 
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G

Kramy



Registered
  08/06/2002
Points
  1888
19th September, 2003 at 12:56:53 -

Darn, Kris beat me to it. Image.gif"></IMG>

What I do in my RPG is copy the encrypted file, then decrypt it. If it decrypts wrong, the original is safely intact. After it loads the information from the file(checking that the username matches) it deletes the file. All that happens in about 1 second, so it's kinda hard for anyone to catch their comp in the act.

 
Kramy

DEC Stuff



Registered
  07/07/2003
Points
  1348
19th September, 2003 at 22:50:31 -

Thanks. It helps lots!

 
http://www.decstuff.net

Kris

Possibly Insane

Registered
  17/05/2002
Points
  2017
20th September, 2003 at 06:19:23 -

no problem

 
"Say you're hanging from a huge cliff at the top of mt. everest and a guy comes along and says he'll save you, and proceeds to throw religious pamphlets at you while simultaniously giving a sermon." - Dustin G
   

Post Reply



 



Advertisement

Worth A Click