How to save encrypted password in the configration file

If you are using the main C++ distribution of wxWidgets, Feel free to ask any question related to wxWidgets development here. This means questions regarding to C++ and wxWidgets, not compile problems.
Post Reply
MuhammadSohail
Experienced Solver
Experienced Solver
Posts: 96
Joined: Fri Jun 17, 2005 1:53 pm
Location: Germany
Contact:

How to save encrypted password in the configration file

Post by MuhammadSohail » Mon Jul 13, 2009 12:24 pm

How do i en/decode the password and save/read into/from the ini file.

Currently using
Visual studio: 2003
wxWidgets : 2.8.8

Is there any command line tool or any wxWidget class?
Any idea would be helful

stevelam
Earned some good credits
Earned some good credits
Posts: 114
Joined: Fri Apr 14, 2006 11:01 am

Post by stevelam » Mon Jul 13, 2009 1:30 pm

Well for reading and writing to a config file see the wxConfig overveiw and wxConfigBase.

MuhammadSohail
Experienced Solver
Experienced Solver
Posts: 96
Joined: Fri Jun 17, 2005 1:53 pm
Location: Germany
Contact:

Post by MuhammadSohail » Mon Jul 13, 2009 1:40 pm

Thanks for quick reply. I wrote my own config file parser , Therefore i would not be possible to use wxConfig class anymore.

Is there any other idea. is there any GnU Lib?

leiradella
I live to help wx-kind
I live to help wx-kind
Posts: 172
Joined: Sun Sep 07, 2008 9:49 pm
Location: Rio de Janeiro, Brazil

Post by leiradella » Tue Jul 14, 2009 3:12 am

Saving a password, even if encrypted, to a file usually breaks the application's security.

1. If you save the password in clear text, it's trivial to find it.

2. If you save it as a hash (i.e. MD5 and the SHA family), one only have to generate a new hash with his/her own password and use it to break into the application.

3. If you save it encrypted, then you have to save the encryption/decryption key in the application, so it's just a matter of statistical analysis to find it and break the password in the config file.

But never *ever* implement your own encryption algorithm. Cryptography algorithms are very complicated to construct, and are usually made by mathematicians and go through a lot of public scrutiny before being considered secure.

That said, for many uses the third option is usually good enough, provided you're not selling applications to protected top-secret data.

You could try Crypto++ http://www.cryptopp.com/, which is free and feature-rich.

To implement the 3rd option, I'd go with AES. For the 2nd, which is also good enough for less sensitive information, I'd go with SHA-256.

Cheers,

Andre

Post Reply