Hi guys,
I am new to encrypting/decrypting password.
I found these code
unit uCrypto;
{$mode objfpc}{$H+}
interface
uses
Classes, SysUtils, BlowFish, Base64;
function Encrypt(const AKey, AText: String): String;
function Decrypt(const AKey, AText: String): String;
implementation
function Encrypt(const AKey, AText: String): String;
var
SS: TStringStream;
BES: TBlowFishEncryptStream;
begin
Result := '';
if Trim(AText) = '' then
Exit;
SS := TStringStream.Create('');
try
BES := TBlowFishEncryptStream.Create(AKey, SS);
try
BES.Write(Pointer(AText)^, Length(AText));
finally
BES.Free;
end;
Result := EncodeStringBase64(SS.DataString);
finally
SS.Free;
end;
end;
function Decrypt(const AKey, AText: String): String;
var
SS: TStringStream;
BDS: TBlowFishDeCryptStream;
Str, Txt: String;
begin
Result := '';
if Trim(AText) = '' then
Exit;
Str := '';
Txt := DecodeStringBase64(AText);
SS := TStringStream.Create(Txt);
try
BDS := TBlowFishDeCryptStream.Create(AKey, SS);
try
SetLength(Str, SS.Size);
BDS.Read(Pointer(Str)^, SS.Size);
Result := Str;
finally
BDS.Free;
end;
finally
SS.Free;
end;
end;
end.
From this link (post #21 - thanks to
GetMem)
https://forum.lazarus.freepascal.org/index.php/topic,56489.15.htmlThose codes is enough for me, but the problem is the key that stored in the executable file. When the file disassembled, it is easy enough to find this key.
So I tried to hide that key in the executable file with these method
- Generate Ascii code from Ascii 32 to 126
- Build my key by selecting characters from that generated Ascii codes
Here are the codes
var
Form1: TForm1;
s,MyKey : String;
procedure TForm1.FormCreate(Sender: TObject);
var
i : integer;
begin
s:='';
setLength(s,95);
for i := 1 to 95 do s[i] := chr(i+31);
MyKey := s[15]+s[36]+s[70]+s[22];
Encrypt(MyKey,'Some text');
end;
With a program, like Hex Editor, I found the generated Ascii codes, but couldn't find the key.
What do you guys thinks, is that method secure enough?