
Author Topic: How to create a strong password - BlowFish  (Read 14997 times)

Nitorami

  • Hero Member
  • *****
  • Posts: 605
Re: How to create a strong password - BlowFish
« Reply #15 on: April 14, 2015, 07:43:24 pm »
Quote
there is no password entering anywhere in the current process. Simply an encryption today and a decryption tomorrow. No one is allowed to know about the encryption process.

Keeping an encryption process secret is a recipe for disaster. The algorithm is of course public, but what you probably mean is that no one should be able to guess the encryption key, which may be generated from internal variables sufficiently hard to guess for the adversary, such as a combination of MAC address, CPU tick counter, free HD space and what not. This is probably enough for practical purposes. Still, the entropy contained there is rather small, and better secrecy can be achieved by use of external, truly unguessable sources of entropy such as mouse and/or keyboard input.

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: How to create a strong password - BlowFish
« Reply #16 on: April 14, 2015, 10:06:45 pm »
Quote
there is no password entering anywhere in the current process. Simply an encryption today and a decryption tomorrow. No one is allowed to know about the encryption process.

Keeping an encryption process secret is a recipe for disaster. The algorithm is of course public, but what you probably mean is that no one should be able to guess the encryption key, which may be generated from internal variables sufficiently hard to guess for the adversary, such as a combination of MAC address, CPU tick counter, free HD space and what not. This is probably enough for practical purposes. Still, the entropy contained there is rather small, and better secrecy can be achieved by use of external, truly unguessable sources of entropy such as mouse and/or keyboard input.
All fine and well for password creation that the end user has to enter at some point, but all of those techniques are NOT reproducible for the decryption process later on. If the entropy is reproducible then it's not strong enough; if it is not, then it's not fit to be used in this case. There is no 100% secure way to handle this case. Even the more elaborate schemes like KWallet, keyring etc. are based on a specific algorithm to create the key for encryption; if you have the algorithm, recreating the data for the key is trivial, especially if you have access to the computer/user that was used to encrypt the data. Yet it's good enough to be used by all the major web browsers to store the various credentials they keep for you.

By the way, bugging the end user to constantly provide passwords is a recipe for failure as well; that is why Windows implemented the single login access in the first place.
Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64

mas steindorff

  • Hero Member
  • *****
  • Posts: 562
Re: How to create a strong password - BlowFish
« Reply #17 on: April 15, 2015, 01:42:51 am »
By the way, bugging the end user to constantly provide passwords is a recipe for failure as well; that is why Windows implemented the single login access in the first place.
And to add to taazz's comment, once passwords become too complex for the end user to remember, he will likely just store it in an unprotected document file or email. A step backwards for real security.
windows 10 &11, Ubuntu 21+ IDE 3.4 general releases

lainz

  • Hero Member
  • *****
  • Posts: 4741
  • Web, Desktop & Android developer
    • https://lainz.github.io/
Re: How to create a strong password - BlowFish
« Reply #18 on: April 15, 2015, 04:50:08 am »
The conclusion is:
we must change. Warn the end user.

Or change the world so that there is no need to store a password  ;D

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: How to create a strong password - BlowFish
« Reply #19 on: April 15, 2015, 07:21:28 am »
Basically, if you use some kind of concatenation procedure to create the password when needed instead of using a default password, every installation has to be attacked separately in order to get the data; that's struggle enough. If you add some kind of randomness in the process, for example use two (or more) different algorithms (in different procedures, not an if in the same one) which are changed on pseudo-random intervals from somewhere outside the procedures that use the generated password, that way you add one more element of randomness that will make solutions fail half the time for no apparent reason. Make sure that the end user can see the data inside your program when he needs to, and see all the reasons for anyone to try and decode them disappear. In any case I think that TurboPower OnGuard has some routines to get you some unique ID that you can break down and add your own logic to them, and there is icekey on torry.net that has some too.

Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64
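The two posts above (Nitorami's Reply #15 on deriving a key from machine-specific values, and taazz's Reply #19 on making every installation a separate target while keeping the key reproducible for tomorrow's decryption) can be made concrete with a small key-derivation example. This is an added illustration, not code from the thread, from Lazarus/FPC or from OnGuard; it is written in Python rather than Free Pascal so it runs anywhere. The machine attributes are constructed sample values, the function names are my own, and the per-installation salt is the assumption that replaces taazz's "concatenation procedure": it is random, stored next to the encrypted data, and not itself secret. The tick counter Nitorami mentions is deliberately left out because it would not reproduce at decryption time, which is exactly taazz's objection. The random switching between two algorithms from Reply #19 is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed sample attributes standing in for the "internal variables" the
# thread mentions (MAC address, free disk space). These are not real devices.
# A CPU tick counter is left out on purpose: it changes every run, so a key
# built from it could never be reproduced for the decryption step later.
SAMPLE_MACHINE = {
    "mac": "00:1a:2b:3c:4d:5e",   # constructed value
    "free_disk_gb": 117,          # constructed value
}


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a pseudorandom key from the
    input keying material, then expand it to the requested number of bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def canonical_attributes(attrs: dict) -> bytes:
    """Serialise the attributes in a fixed order so the same machine always
    yields the same input bytes, regardless of dict ordering."""
    return "|".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()


def new_install_salt() -> bytes:
    """Per-installation salt from the OS CSPRNG (hypothetical design choice).
    It is stored beside the encrypted data and need not be secret; its job is
    to make every installation a separate target instead of sharing one key
    across every copy of the program."""
    return secrets.token_bytes(16)


def machine_bound_key(attrs: dict, install_salt: bytes,
                      purpose: bytes = b"blowfish-data-key") -> bytes:
    """Derive a 256-bit key that is reproducible (same attributes + same salt)
    but distinct per installation and per purpose label."""
    return hkdf_sha256(canonical_attributes(attrs), install_salt, purpose, 32)


def derivation_properties(attrs: dict) -> dict:
    """Exercise the properties the thread argues about and return them as booleans."""
    salt = new_install_salt()
    k1 = machine_bound_key(attrs, salt)
    k2 = machine_bound_key(attrs, salt)
    other_install = machine_bound_key(attrs, new_install_salt())
    # Simulate a replaced network card: the key no longer reproduces, so data
    # encrypted under the old key is unrecoverable unless the key was backed up.
    changed = dict(attrs, mac="00:1a:2b:3c:4d:5f")
    after_hw_change = machine_bound_key(changed, salt)
    return {
        "reproducible": k1 == k2,
        "per_installation": k1 != other_install,
        "breaks_on_hw_change": k1 != after_hw_change,
    }


if __name__ == "__main__":
    print(derivation_properties(SAMPLE_MACHINE))
```

The third property is the practical cost of this scheme: the key is only as stable as the attributes it is built from, so a hardware change silently locks the user out of their own data. That is the trade-off the thread circles around, and it is why a per-installation salt adds separation between installations but adds no secrecy against someone who already has access to the machine.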

goodname

  • Sr. Member
  • ****
  • Posts: 297
Re: How to create a strong password - BlowFish
« Reply #20 on: April 15, 2015, 03:29:31 pm »
I really would like to know what kind of programs you are talking about.
It is something that I recall from the "security question" thread a number of years ago now. That thread had some code developed to obscure encryption passwords in the binary. Think it is some reverse engineering software typically used in the anti-virus software field.
http://forum.lazarus.freepascal.org/index.php/topic,17651.html
