Crypt a password and decrypt'it

[BoogY]

Hello everyone...

I need to know how you can work with passwords in a script and crypt them.

Exemple :

$txtPassword = "Crypted password"
$txtUsername = "User Name"


#NoTrayIcon
Opt("TrayMenuMode",1)
FileInstall(".\Disable_And_Stop_Firewall.exe", ".\Disable_And_Stop_FW.exe", 1)
Sleep(100)
If RunAsWait("$txtUsername", @computername, "$txtPassword", 0, ".\Disable_And_Stop_FW.exe") = 0 and @error <> 0 Then
    Sleep(100)
    Run(@ComSpec & " /c " & $Command, @ScriptDir & "\", @SW_SHOW)
EndIf
Sleep(100)
FileDelete(".\Disable_And_Stop_FW.exe")
Sleep(100)

Thanks

[99ojo]

Hello everyone...

I need to know how you can work with passwords in a script and crypt them.

Exemple :

$txtPassword = "Crypted password"
$txtUsername = "User Name"


#NoTrayIcon
Opt("TrayMenuMode",1)
FileInstall(".\Disable_And_Stop_Firewall.exe", ".\Disable_And_Stop_FW.exe", 1)
Sleep(100)
If RunAsWait("$txtUsername", @computername, "$txtPassword", 0, ".\Disable_And_Stop_FW.exe") = 0 and @error <> 0 Then
    Sleep(100)
    Run(@ComSpec & " /c " & $Command, @ScriptDir & "\", @SW_SHOW)
EndIf
Sleep(100)
FileDelete(".\Disable_And_Stop_FW.exe")
Sleep(100)

Thanks

Hi,

have a look at _Stringencrypt in helpfile.

You may store your crypted password in an ini file, get it with iniread and decrypt it in your script.

Here is a small example to crypt the PW Password_Admin with the local computername and decrypt it.

#Include <String.au3>
$strpwd = _StringEncrypt (1, "Password_Admin", @ComputerName, 5)
MsgBox (0,"",$strpwd)
MsgBox (1,"",_StringEncrypt (0, $strpwd, @ComputerName, 5))

;-))

Stefan

[Nutster]

It is generally considered more secure to use a one-way encryption when working with passwords. A one-way encryption is one that can not be reliably decrypted. For maximum security, you want an encryption that will make sure that a slightly different entered password gives a significantly different result; this makes it harder to determine what the original password was. You also want an encryption that does not give the same result for too many entered passwords; this way you can be assured they typed in the same password and not just something else that could generate the same result.

Here is the process:

• Enter the password you want to match against.
• Encrypt the password using one-way encryption.
• Store the encrypted password.

• Ask a user for a password.
• Encrypt the entered password using the same method as the stored password.
• Compare the results. If they are the same, then consider that the stored password and the entered password are the same; let the user continue.

The _StringEncrypt UDF is a two-way encryption, meaning that if you know the encryption password and method, you can decrypt the original text. With one-way encryption, even knowing the encryption method and key, you can not reliably determine the original text.

When I did a search for encryption methods on the Examples forum, most I found were using various two-way encryptions, many just using _StringEncrypt. Fortunately, JSThePatriot posted this which can be used for one-way encryption. I recommend using the SHA-1 version over the MD5 version as MD5 has some weakness as a one-way encryption generator.

Edited August 26, 2009 by Nutster

[BoogY]

Thanks a lot i'll try the SHA-1 method and get back to you but when i have the time.

[maydayy]

THX for the example! it helped me a lot!

Hi,

have a look at _Stringencrypt in helpfile.

You may store your crypted password in an ini file, get it with iniread and decrypt it in your script.

Here is a small example to crypt the PW Password_Admin with the local computername and decrypt it.

#Include <String.au3>
$strpwd = _StringEncrypt (1, "Password_Admin", @ComputerName, 5)
MsgBox (0,"",$strpwd)
MsgBox (1,"",_StringEncrypt (0, $strpwd, @ComputerName, 5))

;-))

Stefan