Storing a password

Hi,

I'm using C++, and need to store a password in a config file and I don't think plain text is a good idea. What's the best way to do this?

I don't really want the user to have to provide a key every time they start the program to decrypt settings, so I think I'm going to have to store the encryption key inside the program, but that's got to be better than plain text?

Has anyone done this before? I suppose ideally I just want a simple encrypt & decrypt function that I can pass a string to, but I have no idea what algorithm to use.

Thanks,
Jack
 
Hey,

Thanks, it's for Linux and I don't have the option of using hashing sadly :(

I like the idea of using a keystore program though. I think both GNOME and KDE have something suitable, will definitely look into that. I can see why you say encryption is pointless if the key is in the code. I was just wondering if it would be better to use that for obscuring it rather than just have it plaintext in a config file, but as you say, I guess there isn't much point in that approach.
 
DO NOT store the password.

Do a hash/checksum (MD5/SHA-1, plenty of source code out there, no need to use a built-in function of the OS or a standard library), and store the checksum unencrypted. Then make the checksum each time they try to log in and compare it.

It's almost impossible to convert the checksum to the password again. It can be done with a good rainbow table, but this is rendered useless if you use a "salt", as good rainbow tables (ones with large character sets, this is why we use characters in passwords) still take days to make.

I would do this approach, but the password is used to connect to a server, and that password is sent in plain text, which is a protocol fault, not mine. As this is for a 'remember password' feature, I have nothing to check a hash against :(
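
For the 'remember password' case in this thread, where the program has to recover the plaintext and a hash cannot be used, the following is an added example (not code from any poster) of the baseline for a password that does sit in a config file on Linux: create the file with mode 0600 and refuse to load it when group or others can access it. The function names, the path and the sample password are assumptions made for the illustration; a desktop keystore, as mentioned above, remains the stronger option.

```cpp
// Added example: a 0600 credentials file with a permission check on load.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <string>

// Save the secret so that only the owning user can read or write the file.
bool save_secret(const std::string& path, const std::string& secret) {
    // O_NOFOLLOW refuses a symlink planted at the path; 0600 applies to new files.
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return false;
    // A file that already existed keeps its old mode, so force 0600 before writing.
    bool ok = fchmod(fd, 0600) == 0;
    ok = ok && write(fd, secret.data(), secret.size()) == static_cast<ssize_t>(secret.size());
    return close(fd) == 0 && ok;
}

// Load the secret, but only from a regular file owned by us with no group/other access.
bool load_secret(const std::string& path, std::string& out) {
    int fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return false;
    struct stat st{};
    // fstat the open descriptor so the check and the read see the same file.
    bool safe = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
                st.st_uid == geteuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
    out.clear();
    char buf[256];
    ssize_t n = 0;
    while (safe && (n = read(fd, buf, sizeof buf)) > 0) out.append(buf, static_cast<size_t>(n));
    close(fd);
    return safe && n == 0;  // true only if the file passed the check and was read to EOF
}

int main() {
    const std::string path = "/tmp/example-app-credentials.conf";  // constructed path
    std::string secret;
    if (save_secret(path, "constructed-sample-password") && load_secret(path, secret))
        std::printf("loaded %zu bytes from a 0600 file\n", secret.size());
    chmod(path.c_str(), 0644);  // simulate a file left world-readable
    std::printf("world-readable file accepted: %s\n", load_secret(path, secret) ? "yes" : "no");
    unlink(path.c_str());
    return 0;
}
```

This only keeps other local users out; anything running as the same user, or as root, can still read the file.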
 