Sign in to follow this  
Followers 0
Damein

Encrypt login details

6 posts in this topic

I've searched around a bit but most of the answers I found that seemed to work for what I want used _StringEncrypt which doesn't seem to exist anymore? Not in the help or anything. 

What I have is a program that uploads a file to an FTP server but I do not want to store the information in the script or in plain text for obvious reasons. Since security isn't THAT big of an issue id be content with storing it in some type of INI or text document under encryption and then pull it out and check it against what the user inputs. The _Crypt_EncryptFile seems to require you to decrypt it and place it in a read able file while you process it. Which to me seems unsecure in every way. Maybe I'm just not looking at it right though.


A point in the right direction would be lovely. Thanks!


MCR.jpg?t=1286371579

Most recent sig. I made

Quick Launcher W/ Profiles Topic Movie Database Topic & Website | LiveStreamer Pro Website | YouTube Stand-Alone Playlist Manager: Topic | Weather Desktop Widget: Topic | Flash Memory Game: Topic | Volume Control With Mouse / iTunes Hotkeys: Topic | Weather program: Topic | Paws & Tales radio drama podcast mini-player: Topic | Quick Math Calculations: Topic

Share this post


Link to post
Share on other sites



5 minutes ago, Damein said:

_StringEncrypt which doesn't seem to exist anymore?

cryptography was relocated to the UDF Crypt.au3, look at the help file for _Crypt_EncryptData().

 

but, as you say...

7 minutes ago, Damein said:

check it against what the user inputs

then why do you need to store the password at all? you ask the user for the password, launch the FTP session, and if the password is incorrect you'll know it soon enough.

Share this post


Link to post
Share on other sites

I'm sorry, I misspoke a bit. Yes, it prompts the user for the login credentials for the FTP and of course if they can't connect we know that's wrong. What I need is a way to verify who is doing what. The software is a clock in like system so I need to verify they are who they are without creating 50 different login credentials on the server. 


MCR.jpg?t=1286371579

Most recent sig. I made

Quick Launcher W/ Profiles Topic Movie Database Topic & Website | LiveStreamer Pro Website | YouTube Stand-Alone Playlist Manager: Topic | Weather Desktop Widget: Topic | Flash Memory Game: Topic | Volume Control With Mouse / iTunes Hotkeys: Topic | Weather program: Topic | Paws & Tales radio drama podcast mini-player: Topic | Quick Math Calculations: Topic

Share this post


Link to post
Share on other sites

Just as an edit, this is what I've come up with and will go with unless someone has a cleaner/more secure way of doing it.

 

; A GUI that has 3 input fields.
; A: Username
; B: Password
; C: Encryption Key

; After the user inputs all of that it takes the encryption key and uses the following
; $Read = FileRead(@ScriptDir & "/Data.txt")
; _Crypt_DecryptData($Read, $sUserKey, $CALG_RC4) to pull the data from an encrypted file
; If the decryption is positive and the username/password is correct it allows entry

 

That way none of the data is stored in the script.


MCR.jpg?t=1286371579

Most recent sig. I made

Quick Launcher W/ Profiles Topic Movie Database Topic & Website | LiveStreamer Pro Website | YouTube Stand-Alone Playlist Manager: Topic | Weather Desktop Widget: Topic | Flash Memory Game: Topic | Volume Control With Mouse / iTunes Hotkeys: Topic | Weather program: Topic | Paws & Tales radio drama podcast mini-player: Topic | Quick Math Calculations: Topic

Share this post


Link to post
Share on other sites

You need 2 scripts:

  • PasswortCreator2.au3 is for creating pw hashes and storing in ini. This script is only for you, so store it on USB-Stick or your private folder. The created INI must be copied in same path as the
  • LoginCheck2.au3 is. This script is for verifying the login against ini. The scriptcode to be executed if login was successfully has to be appended.

Both script are commented in german, but i hope the scriptcode tells all.

Share this post


Link to post
Share on other sites

Thanks for the potential info ect AutoBert but before I checked back on this I had wrote myself what I wanted.

 

If anyone is interested it in future searches ect the topic can be found: 

 


MCR.jpg?t=1286371579

Most recent sig. I made

Quick Launcher W/ Profiles Topic Movie Database Topic & Website | LiveStreamer Pro Website | YouTube Stand-Alone Playlist Manager: Topic | Weather Desktop Widget: Topic | Flash Memory Game: Topic | Volume Control With Mouse / iTunes Hotkeys: Topic | Weather program: Topic | Paws & Tales radio drama podcast mini-player: Topic | Quick Math Calculations: Topic

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0