Sign in to follow this  
Followers 0
prismite

'simple' password hashing

5 posts in this topic

Hi folks, been a while since I've had to post but I figured I'd be back sooner or later...

I have written a small amateur program that takes a bit of data from a user (inluding Username and Password) then follows a few choice instructions, writing the info (un/pw) to a .ini file so as to make future inquiries that much faster. 

Now that the script is functional, I'd like to have the .ini reflect a hashed password, so that other people viewing the file wont see the clear text. 

I've manage to do that, showing an 'encrypted' input2 ... but I cant seem to get my decryption working correctly. It shows a '0' when I run the program the next time. Take a look..

#include <ButtonConstants.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GuiStatusBar.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <WinAPI.au3>
#include <GDIPlus.au3>
#include <IE.au3>
#include <Crypt.au3>

#Region ### START Koda GUI section ### Form=Form1.kxf
    $form1 = GUICreate("BACC-MAC 2.0", 338, 155, 192, 124)
    $input1 = GUICtrlCreateInput(IniRead("BACC-MAC.ini", "Config", "Input1", ""), 24, 24, 121, 21)
    $group1 = GUICtrlCreateGroup("Username", 8, 8, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $readhiddenpw = IniRead("BACC-MAC.ini", "Config", "Input2", "")
    $decryptme = Encrypting ($readhiddenpw)
    $input2 = GUICtrlCreateInput($decryptme, 192, 24, 121, 21)
    $group2 = GUICtrlCreateGroup("Password", 176, 8, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $input3 = GUICtrlCreateInput("", 112, 80, 121, 21)
    $group3 = GUICtrlCreateGroup("MAC", 96, 64, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $button1 = GUICtrlCreateButton("Go!", 128, 120, 75, 25)
    GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
    
    $sEncrypted = ""

While 1
    $nmsg = GUIGetMsg()
    $username = (GUICtrlRead($input1))
    $password = (GUICtrlRead($input2))
    $cpemac = (GUICtrlRead($input3))

    Encrypting ($sEncrypted)
    
    Switch $nmsg
        Case $gui_event_close
            IniWrite("BACC-MAC.ini", "Config", "Input1", GUICtrlRead($input1))
            IniWrite("BACC-MAC.ini", "Config", "Input2", $sEncrypted)
            Exit
        Case $button1
            bacc()
            IniWrite("BACC-MAC.ini", "Config", "Input1", GUICtrlRead($input1))
            IniWrite("BACC-MAC.ini", "Config", "Input2", $sEncrypted)
            Exit
    EndSwitch
WEnd

Func Encrypting ($password)
   $sEncrypted = StringEncrypt (True, "Encrypted", $password)
   $sDecrypted = StringEncrypt (False, $sEncrypted, $password)
EndFunc

Func StringEncrypt($bEncrypt, $sData, $sPassword)
    _Crypt_Startup() ; Start the Crypt library.
    Local $sReturn = ''
    If $bEncrypt Then ; If the flag is set to True then encrypt, otherwise decrypt.
        $sReturn = _Crypt_EncryptData($sData, $sPassword, $CALG_RC4)
    Else
        $sReturn = BinaryToString(_Crypt_DecryptData($sData, $sPassword, $CALG_RC4))
    EndIf
    _Crypt_Shutdown() ; Shutdown the Crypt library.
    Return $sReturn
EndFunc


 

.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

The best solution would be to use _Crypt_HashData, then save the hashed data to your INI file. And when you need to check the password, then use _Crypt_HashData again (on the password the user provided) and compare it with the saved one :-)

EDIT : HOHOHO looks like I didn't understand your question the right way....

Edited by perfaram

Never forget to mark a question as resolved, this button has been purposely created :-P 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Okay, I think your misunderstood the StringEncrypt function. 

$bEncrypt is to choose whether you want to crypt or decrypt,

$sData should be the string you want to encrypt, and

$sPassword the key used to crypt

Take a look at this if you don't understand

Anyway, this should be better : 

#include <ButtonConstants.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <GuiStatusBar.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <WinAPI.au3>
#include <GDIPlus.au3>
#include <IE.au3>
#include <Crypt.au3>
Global $key="MyKeyForCrypting"
#Region ### START Koda GUI section ### Form=Form1.kxf
    $form1 = GUICreate("BACC-MAC 2.0", 338, 155, 192, 124)
    $input1 = GUICtrlCreateInput(IniRead("BACC-MAC.ini", "Config", "Input1", ""), 24, 24, 121, 21)
    $group1 = GUICtrlCreateGroup("Username", 8, 8, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $readhiddenpw = IniRead("BACC-MAC.ini", "Config", "Input2", "")
    $decryptme = StringEncrypt(False, IniRead("BACC-MAC.ini", "Config", "Input2", ""), $key)
    $input2 = GUICtrlCreateInput($decryptme, 192, 24, 121, 21)
    $group2 = GUICtrlCreateGroup("Password", 176, 8, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $input3 = GUICtrlCreateInput("", 112, 80, 121, 21)
    $group3 = GUICtrlCreateGroup("MAC", 96, 64, 153, 49)
    GUICtrlCreateGroup("", -99, -99, 1, 1)
    $button1 = GUICtrlCreateButton("Go!", 128, 120, 75, 25)
    GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

    $sEncrypted = ""

While 1
    $nmsg = GUIGetMsg()
    $username = (GUICtrlRead($input1))
    $password = (GUICtrlRead($input2))
    $cpemac = (GUICtrlRead($input3))

    Switch $nmsg
        Case $gui_event_close
            IniWrite("BACC-MAC.ini", "Config", "Input1", GUICtrlRead($input1))
            IniWrite("BACC-MAC.ini", "Config", "Input2", StringEncrypt(True, GUICtrlRead($input2), $key))
            Exit
        Case $button1
            IniWrite("BACC-MAC.ini", "Config", "Input1", GUICtrlRead($input1))
            IniWrite("BACC-MAC.ini", "Config", "Input2", StringEncrypt(True, GUICtrlRead($input2), $key))
            Exit
    EndSwitch
WEnd

Func StringEncrypt($bEncrypt, $sData, $sPassword)
    _Crypt_Startup() ; Start the Crypt library.
    Local $sReturn = ''
    If $bEncrypt Then ; If the flag is set to True then encrypt, otherwise decrypt.
        $sReturn = _Crypt_EncryptData($sData, $sPassword, $CALG_RC4)
    Else
        $sReturn = BinaryToString(_Crypt_DecryptData($sData, $sPassword, $CALG_RC4))
    EndIf
    _Crypt_Shutdown() ; Shutdown the Crypt library.
    Return $sReturn
EndFunc
Edited by perfaram

Never forget to mark a question as resolved, this button has been purposely created :-P 

Share this post


Link to post
Share on other sites

Whoa ... actually yeah I did mess that up. I totally see what you did and now that its in front of me, makes perfect sense.

Thank you for opening my eyes!

Share this post


Link to post
Share on other sites

The example StringEncrypt() is meant to mimic the old function _StringEncrypt().


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0