From: David McKen <cic_3_b@ya...> - 2004-01-12 03:13:32
Does he have control of the server side?
--- Reid Thompson <reid.thompson@...> wrote:
> Use a key -- implement the key in the server side code.
> If "remember my password" is checked on connection to server,
> generate the file data to be stored on the client side on the
> server and
> have the server return the file data to the client, which writes it
> the client host filesystem. Then, decryption/validation occurs on
> server side on attempted connections and the server binary is the
> place that the key can be found.
> David McKen wrote:
> > By definition of your problem anyone who knows your algorithm is
> > to be able to decrypt the file. Essentially a hacker has all the
> > they need if they get their hands on the algorithm and the file
> > has both the e-mail and the encrypted data.
> > Including a bit of randomness is not going to be easy to do as
> > have to somehow remember that random value for you to decrypt it
> > time.
> > Possibly hide the encrypted data in a file with some other data.
> > maybe store the e-mail separate from the encrypted data. Make it
> > harder for a hacker to get the data they want, this assumes that
> > potential hacker already knows the algorithm.
> > Hope This Helps
> > David McKen
> > --- Ed Cottrell <emc@...> wrote:
> > > Hello all,
> > >
> > > I need help on an algorithm. I need to accept
> > > combinations
> > > on the client side of a client-server app, store those on the
> > > client side,
> > > and "decrypt" them again without user input, using only the
> > > strings.
> > > Think the "remember my password" function in MS Outlook, IE,
> > >
> > > Ideally, I would like to do this:
> > > On first run:
> > > 1) Accept email address
> > > 2) Accept username & password pairs
> > > 3) "Encrypt" username/password pairs with email address + some
> > > machine-dependent data as a key
> > > 4) Write these encrypted pairs and the email address to a text
> > >
> > > On future runs:
> > > 1) Read the encrypted pairs
> > > 2) "Decrypt" them
> > > 3) Do stuff.
> > >
> > > The best idea I have now is some block-and-bit chunking and
> > > shifting - break
> > > the string to encrypt into variable-length chunks, shuffle,
> > > reassemble, bit
> > > rotate, repeat. The "decrypt" would simply reverse the process. My
> > > concern is that anybody who knows the algorithm will be able to reverse it
> > > quite easily, given access to the text file.
> > >
> > > Any help is appreciated!
> > >
> > > -Ed
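
The server-side-key scheme Reid describes above (the server generates the file data, the client only stores it, and the server validates it on later connections), as an added example that is not part of the original thread. It swaps encrypting the password for an HMAC-signed token, so no password is written to the client at all; the function names, token layout, `machine_id` parameter and 30-day lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: this key exists only on the server and is never shipped to clients.
SERVER_KEY = secrets.token_bytes(32)
TTL_SECONDS = 30 * 86400  # assumed lifetime of a "remember me" file


def issue_remember_file(email, username, machine_id, now=None, key=SERVER_KEY):
    """Server side: build the file data the client writes to its filesystem."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({
        "email": email,
        "user": username,
        "machine": machine_id,          # binds the file to one client host
        "exp": issued + TTL_SECONDS,
        "nonce": secrets.token_hex(8),  # makes every issued file unique
    }, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def validate_remember_file(blob, machine_id, now=None, key=SERVER_KEY):
    """Server side: return the username if the file is authentic, else None."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = blob.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                  # wrong shape or bad base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None                     # modified, or not issued by this server
    claims = json.loads(body)
    if claims["machine"] != machine_id or claims["exp"] < now:
        return None                     # copied to another host, or expired
    return claims["user"]
```

Knowing the algorithm and holding the stored file is not enough to forge or alter it, because the tag cannot be recomputed without the server's key.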