Recent

Author Topic: The most easy encrypting/decrypting password method?  (Read 10577 times)

Conte

  • New Member
  • *
  • Posts: 27
The most easy encrypting/decrypting password method?
« on: September 26, 2021, 06:28:19 pm »
I searched anywhere and I found about BlowFish but I'm finding difficulties to use it.
I have a form with multiple buttons. Each button let me to login to a different server. The form ask me for username and password.
I would like to store the credentials in the registry of windows but I want to store the password encrypted in sha256.
So the next time I'll click on the button I don't need to write credentials again.

Can someone give me examples? I am newbie.

ASerge

  • Hero Member
  • *****
  • Posts: 1869
Re: The most easy encrypting/decrypting password method?
« Reply #1 on: September 26, 2021, 06:31:22 pm »
I want to store the password encrypted in sha256.
sha256 is designed for hashing, not encryption.

Conte

  • New Member
  • *
  • Posts: 27
Re: The most easy encrypting/decrypting password method?
« Reply #2 on: September 26, 2021, 06:42:29 pm »
Well I was meaning hashing then. :)

ASerge

  • Hero Member
  • *****
  • Posts: 1869
Re: The most easy encrypting/decrypting password method?
« Reply #3 on: September 26, 2021, 06:45:25 pm »
Well I was meaning hashing then. :)
But then it is not clear what you want to store in the registry. If only a hash, then this is not enough for registration (login/password).

Conte

  • New Member
  • *
  • Posts: 27
Re: The most easy encrypting/decrypting password method?
« Reply #4 on: September 26, 2021, 06:51:54 pm »
My form will contain various button, each button is configured to let me login to a location.
Only the first time the button will ask me user and password because it will be store in the registry. For the password it will only be stored hash, the username will be clear.
Next time I'll click the button it will read the hash from the registry and should let me login directly.

I have found this code that use DCPCrypt.
This is my code how I encrypt string:
Code: Pascal  [Select][+][-]
  1. uses DCPrijndael, DCPsha256;
  2.  
  3. var
  4.   S1, S2: String;
  5.   c: TDCP_rijndael;
  6. begin
  7.   c := TDCP_rijndael.Create(nil);
  8.   try
  9.     c.InitStr('MyCustomKey', TDCP_sha256);
  10.     S1 := c.EncryptString('First string');
  11.     c.Reset;
  12.     S2 := c.EncryptString('Second string');
  13.   finally
  14.     c.Free;
  15.   end;
  16. end;  
  17.  
And decrypt:
Code: Pascal  [Select][+][-]
  1. uses DCPrijndael, DCPsha256;
  2.  
  3. var
  4.   S1, S2: String;
  5.   c: TDCP_rijndael;
  6. begin
  7.   c := TDCP_rijndael.Create(nil);
  8.   try
  9.     c.InitStr('MyCustomKey', TDCP_sha256);
  10.     S1 := c.DecryptString(SomeEncryptedVariable);
  11.     c.Reset;
  12.     S2 := c.DecryptString(SomeEncryptedVariable);
  13.   finally
  14.     c.Free;
  15.   end;
  16. end;  
  17.  
One thing I noticed. If you want to encrypt / decrypt next string using the same object, you must first reset this object by "Reset" call. Otherwise, next string will be incorrectly encrypted / decrypted

Compiling it I get error on this line:
var
  S1, S2: String;


Error is:
Compila il progetto, Destinazione: project1.exe: Codice di uscita 1, Errori: 2
unit1.pas(34,3) Error: Illegal expression
unit1.pas(35,3) Fatal: Syntax error, ";" expected but "identifier S1" found
« Last Edit: September 26, 2021, 07:56:10 pm by Conte »

Thaddy

  • Hero Member
  • *****
  • Posts: 10929
Re: The most easy encrypting/decrypting password method?
« Reply #5 on: September 26, 2021, 08:27:40 pm »
Must be in some previous answer but just in case:
A SECURE HASH CAN NOT BE DECRYPTED
Period.

For a very simple two way encrypt/decrypt start with XOR.
Otherwise, when using a hash, store the hash, not the password, and re-hash it based on user input. If the two hashes are equal, the password is OK. That also means that - when implemented correctly - the password itself is never stored or visible.
« Last Edit: September 26, 2021, 08:34:00 pm by Thaddy »
The average programmer productivity is 4-5 hours per day. Peak performance 72 hours for short bursts. MTBF is 1 second or less.

Conte

  • New Member
  • *
  • Posts: 27
Re: The most easy encrypting/decrypting password method?
« Reply #6 on: September 27, 2021, 07:15:31 pm »

For a very simple two way encrypt/decrypt start with XOR.
Otherwise, when using a hash, store the hash, not the password, and re-hash it based on user input. If the two hashes are equal, the password is OK. That also means that - when implemented correctly - the password itself is never stored or visible.
That's just what I'm looking for. So how do I should start to learn it?

Basically I should be able to read/write to a registry key field. Generate a md5 of a string and compare it with the string stored on the registry. If is is equal the login succeed.
« Last Edit: September 27, 2021, 07:25:33 pm by Conte »

Conte

  • New Member
  • *
  • Posts: 27
Re: The most easy encrypting/decrypting password method?
« Reply #7 on: September 27, 2021, 08:36:33 pm »
I have solved my issue, here the source code:

Code: Pascal  [Select][+][-]
  1. unit Unit1;
  2.  
  3. {$mode objfpc}{$H+}
  4.  
  5. interface
  6.  
  7. uses
  8.   Classes, SysUtils, Forms, Controls, Graphics, DCPsha256, StdCtrls;
  9.  
  10. type
  11.  
  12.   { TForm1 }
  13.  
  14.   TForm1 = class(TForm)
  15.     Button1: TButton;
  16.     DCP_sha256_1: TDCP_sha256;
  17.     Edit1: TEdit;
  18.     Edit2: TEdit;
  19.     Label1: TLabel;
  20.     procedure Button1Click(Sender: TObject);
  21.   private
  22.     { private declarations }
  23.   public
  24.  
  25.     { public declarations }
  26.   end;
  27.  
  28. var
  29.   Form1: TForm1;
  30.  
  31. implementation
  32.  
  33. {$R *.lfm}
  34.  
  35. { TForm1 }
  36.  
  37. function getsha256(S: String): String;
  38. var
  39.     Hash: TDCP_sha256;
  40.     Digest: array[0..31] of byte;  // sha256 produces a 256bit digest (32bytes)
  41.     Source: string;
  42.     i: integer;
  43.     str1: string;
  44.   begin
  45.     Source:= S;  // here your string for get sha256
  46.  
  47.     if Source <> '' then
  48.     begin
  49.       Hash:= TDCP_sha256.Create(nil);  // create the hash
  50.       Hash.Init;                        // initialize it
  51.       Hash.UpdateStr(Source);
  52.       Hash.Final(Digest);               // produce the digest
  53.       str1:= '';
  54.       for i:= 0 to 31 do
  55.         str1:= str1 + IntToHex(Digest[i],2);
  56.       //form1.Edit2.Text:= s;                   // display the digest in lower case
  57.       Form1.Edit2.Text:=UpperCase(str1);         // display the digest in capital letter
  58.     end;
  59.   end;
  60.  
  61. procedure TForm1.Button1Click(Sender: TObject);
  62.   begin
  63.     getsha256(Edit1.Text);  // show the sha256 of string in edit1
  64. end;
  65. end.
  66.  

A big big thanks to Ericktux.

The only doubts I have is that I get two hints by the compiler:
1. Warning: Local variable "Digest" does not seems to be initialized;
2. Warning: Function result does not seem to be set
« Last Edit: September 27, 2021, 09:00:17 pm by Conte »

Thaddy

  • Hero Member
  • *****
  • Posts: 10929
Re: The most easy encrypting/decrypting password method?
« Reply #8 on: September 28, 2021, 07:06:05 am »
After Hash.Final(digest) you forgot to call Hash.Free?
Note I do not use DCPxxx, but I prefer our own user Xor-El's Hash library.
https://github.com/Xor-el/HashLib4Pascal
« Last Edit: September 28, 2021, 08:02:40 am by Thaddy »
The average programmer productivity is 4-5 hours per day. Peak performance 72 hours for short bursts. MTBF is 1 second or less.

MarkMLl

  • Hero Member
  • *****
  • Posts: 3243
Re: The most easy encrypting/decrypting password method?
« Reply #9 on: September 28, 2021, 11:49:18 am »
Must be in some previous answer but just in case:
A SECURE HASH CAN NOT BE DECRYPTED
Period.

That is very true, but reading things through he's not trying to recover his plaintext password/passphrase from a stored hash. What he's actually doing is taking the plaintext passphrase, storing a hash of that, and using that hash as the /actual/ passphrase... which is not bad practice subject to a couple of comments.

The first comment is that the idea of storing a hashed passphrase is so that if some lackwit uses the same passphrase for both his Squitter login and his bank account, it's not possible to trivially break into his bank account when Squitter is hacked. However this is weakened if it happens that everybody is using the same hash algorithm, since something like John The Ripper will be able to get a fairly quick match. The solution to that is to "seed" the hash with two numbers, the first being random (but applying to all passphrases stored in the same place) and the second being a hash of the name of the service being logged into.

The second is that local strings cannot be assumed to be cleared adequately when they're deallocated or their length is changed. So if a string has contained the plaintext of a password, overwrite it with something of the same length before it goes out of scope.

Apologies if anybody feels I'm stating the obvious here.

MarkMLl
Turbo Pascal v1 on CCP/M-86, multitasking with LAN and graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Thaddy

  • Hero Member
  • *****
  • Posts: 10929
Re: The most easy encrypting/decrypting password method?
« Reply #10 on: September 28, 2021, 12:24:59 pm »
That is how interpreted it. But looking at the original question that was not very clear:encrypt/decrypt....
« Last Edit: September 28, 2021, 12:33:38 pm by Thaddy »
The average programmer productivity is 4-5 hours per day. Peak performance 72 hours for short bursts. MTBF is 1 second or less.

MarkMLl

  • Hero Member
  • *****
  • Posts: 3243
Re: The most easy encrypting/decrypting password method?
« Reply #11 on: September 28, 2021, 12:56:31 pm »
That is how interpreted it. But looking at the original question that was not very clear:encrypt/decrypt....

I know, which is why I thought going into some detail for OP's benefit might be useful :-)

MarkMLl
Turbo Pascal v1 on CCP/M-86, multitasking with LAN and graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Conte

  • New Member
  • *
  • Posts: 27
Re: The most easy encrypting/decrypting password method?
« Reply #12 on: September 28, 2021, 08:13:42 pm »
Guys I can't apply that way, because I'd like to make an auto login. That way was good if everytime I had wrote my password, is it can be compared with the stored one after the encryption. With the auto login I should set a private key used for the encryption so I'm learning this way now: https://forum.lazarus.freepascal.org/index.php?topic=10970.msg55542#msg55542

MarkMLl

  • Hero Member
  • *****
  • Posts: 3243
Re: The most easy encrypting/decrypting password method?
« Reply #13 on: September 28, 2021, 08:22:22 pm »
Guys I can't apply that way, because I'd like to make an auto login. That way was good if everytime I had wrote my password, is it can be compared with the stored one after the encryption. With the auto login I should set a private key used for the encryption so I'm learning this way now: https://forum.lazarus.freepascal.org/index.php?topic=10970.msg55542#msg55542

Can't reply /what/ way? Give us come context (there's a button for that).

MarkMLl
Turbo Pascal v1 on CCP/M-86, multitasking with LAN and graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Thaddy

  • Hero Member
  • *****
  • Posts: 10929
Re: The most easy encrypting/decrypting password method?
« Reply #14 on: September 28, 2021, 09:22:13 pm »
Guys I can't apply that way, because I'd like to make an auto login.
That can be achieved by issuing certificates from your own authority to your users.
Not ieasy but doable even for noobs, Well, you need to know a few things.....
« Last Edit: September 28, 2021, 09:23:53 pm by Thaddy »
The average programmer productivity is 4-5 hours per day. Peak performance 72 hours for short bursts. MTBF is 1 second or less.

 

TinyPortal © 2005-2018