1. how to implement password protection for an application?
- Posted by Dan_M Jul 07, 2009
- 978 views
If I want to password protect an application, so it can't run unless a password is entered, and I want data file used by application to be encrypted, how do I go about asking user for password, and protecting the password from hacking?
Dan
2. Re: how to implement password protection for an application?
- Posted by ghaberek (admin) Jul 07, 2009
- 1015 views
If I want to password protect an application, so it can't run unless a password is entered, and I want data file used by application to be encrypted, how do I go about asking user for password, and protecting the password from hacking?
If all you want is password protection, I suggest using an MD5 hash. Just store the hash of the password in a plain text file. Then whenever the user enters the password, hash that and compare it to the stored hash. If the hash matches, then it is the correct password. Encourage your users to use upper and lower case letters, numbers, and special characters to help keep the hash from getting cracked by a brute-force attack.
-Greg
3. Re: how to implement password protection for an application?
- Posted by Dan_M Jul 07, 2009
- 1005 views
If I want to password protect an application, so it can't run unless a password is entered, and I want data file used by application to be encrypted, how do I go about asking user for password, and protecting the password from hacking?
If all you want is password protection, I suggest using an MD5 hash. Just store the hash of the password in a plain text file. Then whenever the user enters the password, hash that and compare it to the stored hash. If the hash matches, then it is the correct password. Encourage your users to use upper and lower case letters, numbers, and special characters to help keep the hash from getting cracked by a brute-force attack.
-Greg
Thanks Greg, I'll give it a look, and thanks for providing the link!
Dan
4. Re: how to implement password protection for an application?
- Posted by euphoric (admin) Jul 07, 2009
- 1004 views
If I want to password protect an application, so it can't run unless a password is entered, and I want data file used by application to be encrypted, how do I go about asking user for password, and protecting the password from hacking?
If all you want is password protection, I suggest using an MD5 hash. Just store the hash of the password in a plain text file. Then whenever the user enters the password, hash that and compare it to the stored hash. If the hash matches, then it is the correct password. Encourage your users to use upper and lower case letters, numbers, and special characters to help keep the hash from getting cracked by a brute-force attack.
Is the password protection to be used for insuring your software is not used by unlicensed users? If so, you'll need to add a unique identifier to the MD5 hash (such as the PC's primary hard drive serial number) otherwise it can be easily shared among many PCs.
5. Re: how to implement password protection for an application?
- Posted by Dan_M Jul 07, 2009
- 1030 views
If I want to password protect an application, so it can't run unless a password is entered, and I want data file used by application to be encrypted, how do I go about asking user for password, and protecting the password from hacking?
If all you want is password protection, I suggest using an MD5 hash. Just store the hash of the password in a plain text file. Then whenever the user enters the password, hash that and compare it to the stored hash. If the hash matches, then it is the correct password. Encourage your users to use upper and lower case letters, numbers, and special characters to help keep the hash from getting cracked by a brute-force attack.
Is the password protection to be used for insuring your software is not used by unlicensed users? If so, you'll need to add a unique identifier to the MD5 hash (such as the PC's primary hard drive serial number) otherwise it can be easily shared among many PCs.
Thanks, good observation, but no, it's just to keep the app private for the user, not to keep unlicensed user from using it. And that's also why I'll look at encrypting the data it uses.
Dan
