* * *

Author Topic: a encryption concept problem  (Read 331 times)

nimmy1209

  • Newbie
  • Posts: 1
a encryption concept problem
« on: November 09, 2018, 06:57:22 pm »
currently, I am a year 11 student in hong kong. I am working a console program by Pascal.
I want to enable users to register, log in, which the problem comes out.i want to store the password to a txt file such that the file work as a database. However ,i want encryption apply in it to protect the password not to read by other who get access to it.

suppose my folder only have a txt file for storing password , and a pascal file for program
question:
1.should the password in the folder already be encrypted
  .if no, where should I store my encrypted password
  .if yes, how should I protect my pascal file not to be read by other to find out the algorithm used to encrypt the password
2.i am trying to understand sha256, the component that I used to change a password how should it be protected, as I still need to decrypt it again.following is the example

one of the passwords is "aaa" I want to encrypt by adding 3 of its ASCII code means it will become "ddd" after encrypt. According to what I learn, ddd should be store but not aaa, but how can I return it to ddd . and also,if I use the opposite way to encrypt to decrypt it (ASCII CODE - 3 ),where should i put the algorithm then ,or else people will also know how to change it back tho ...

but i guess i dun really understand sha256...haha i messed up my programming skill my programming knowledge and my life

Bart

  • Hero Member
  • *****
  • Posts: 3123
    • Bart en Mariska's Webstek
Re: a encryption concept problem
« Reply #1 on: November 09, 2018, 07:34:10 pm »
For starters see How NOT to store passwords.

Bart

Thaddy

  • Hero Member
  • *****
  • Posts: 7087
Re: a encryption concept problem
« Reply #2 on: November 09, 2018, 09:05:49 pm »
Explanation that worked for my ten year old daughter, so since you are eleven this should help:
sha256 is a one way hash. That means you can not get your password back...You can not decrypt it...
If you dive into the water you get wet, but you can not un-dive from the water to get dry again...
But that does not mean you can not check if the password is correct: if you repeat the sha256 hash it should be the same value as the first one....
So you do not need the actual password anymore. You need it only once and store the hash. If you use the password, hash it again and simply compare the hashes.
Think of it like:
A password is a kind of question, but the hash is the only correct answer. As long as the answers are the same, you don't need the question anymore.
In fact you don't need the question at all, only the answer, to know if somebody entered the right password. You don't even have to know what the question was....
That's how sha256 works when used for passwords.

But of course there is also two way encryption. This is usually used for texts etc, not for passwords... (see Bart's link)
with two way encryption you can get back the original text if you know the key.
The simplest way to demonstrate that is like so:
Code: Pascal  [Select]
  1. program untitled;
  2. begin
  3.   writeln (ord('a') xor Ord('b')); //  this calculation gives us the key: 3 in this case
  4.   writeln (char(ord('a') xor 3));  // this calculation gives us the original value of 'b' given our key of 3
  5. end.
Note this is a very easy example to demonstrate a two way encryption.
In real life you need something much more complex like AES which is also a two way encryption.

Summary:
A secure hash like sha256 can not be decrypted, but you can use a hash to verify another hash on the same password. One way encryption. You can repeat the calculation but not reverse it.
A two way encryption can get your password back, based on a key. You can reverse the calculation too.
In practice things are much more complex, but these are the basics.


« Last Edit: November 09, 2018, 09:40:25 pm by Thaddy »
inline variables like in D10.3 are a bit like Brexit: if you are given the wrong information it sounds like a good idea. Every kid loves candy, but it makes you fat and your teeth will disappear.

howardpc

  • Hero Member
  • *****
  • Posts: 2804
Re: a encryption concept problem
« Reply #3 on: November 09, 2018, 10:13:33 pm »
In the UK (and so perhaps in Hong Kong) most Year 11 students are 15 or 16 years old.

Thaddy

  • Hero Member
  • *****
  • Posts: 7087
Re: a encryption concept problem
« Reply #4 on: November 10, 2018, 04:11:11 pm »
In the UK (and so perhaps in Hong Kong) most Year 11 students are 15 or 16 years old.
Oh, I forgot. Anyway, he should have little trouble understanding my rudimentary introduction.
inline variables like in D10.3 are a bit like Brexit: if you are given the wrong information it sounds like a good idea. Every kid loves candy, but it makes you fat and your teeth will disappear.

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus