Re: Encrypting password in .ini file with aes [message #45134 is a reply to message #45133] Sat, 12 September 2015 22:19
Mindtraveller
Messages: 917
Registered: August 2007
Location: Russia, Moscow rgn.
Experienced Contributor

Hi Giorgio,

According to Kerckhoffs's principle, you can't leave any kind of key in the source code, because it is almost the same "security" as an unencrypted password.
It all usually means you'll have to split into parts the information needed to construct the key. At least one part of it can't be reverse engineered from source code or app data files. The truth is everything you construct programmatically will be reconstructible and reverse engineerable. The honest solution here is to make the user remember the key (or part of it) himself. A dirtier solution is to make this key generated by a number of algorithms which will just separate lazy hackers.
And the last note is about the key itself. Please don't make the user's password an encryption key. It lowers security level. Please use at least this formula:
key = hash(salt + password)

Thanks
Pavel
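
The `key = hash(salt + password)` formula from the reply above, as an added example that is not part of the original post: the .ini file holds only a random salt and the derivation parameters, and the AES-256 key is rebuilt from the password the user types. The choice of SHA-256, the `[crypto]` section with its key names, and the round count are assumptions; the PBKDF2 variant goes beyond the post's formula by making each password guess slow.

```python
import configparser
import hashlib
import io
import os

SALT_BYTES = 16            # assumption: 128-bit random salt, stored in the .ini
PBKDF2_ROUNDS = 600_000    # assumption: work factor picked for this example


def key_from_formula(salt: bytes, password: str) -> bytes:
    """The post's formula with SHA-256 as the hash: key = hash(salt + password)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def key_stretched(salt: bytes, password: str, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Same inputs, but PBKDF2-HMAC-SHA256 repeats the hashing `rounds` times."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=32)


def write_ini(salt: bytes, rounds: int) -> str:
    """Only the salt and KDF parameters go into the .ini; the key never does."""
    cfg = configparser.ConfigParser()
    cfg["crypto"] = {"kdf": "pbkdf2-hmac-sha256", "rounds": str(rounds), "salt": salt.hex()}
    buf = io.StringIO()
    cfg.write(buf)
    return buf.getvalue()


def key_from_ini(ini_text: str, password: str) -> bytes:
    """Rebuild the 32-byte key at startup from the stored salt and typed password."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    sec = cfg["crypto"]
    if sec.get("kdf") != "pbkdf2-hmac-sha256":
        raise ValueError("unsupported kdf in .ini")
    salt = bytes.fromhex(sec["salt"])
    if len(salt) < SALT_BYTES:
        raise ValueError("salt in .ini is too short")
    return key_stretched(salt, password, sec.getint("rounds"))


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)
    ini = write_ini(salt, PBKDF2_ROUNDS)
    print(ini)
    print("derived key bytes:", len(key_from_ini(ini, "constructed example passphrase")))
```

The salt is not secret; what keeps the key out of the source code and the data file is the password the user supplies at run time.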
 