Page 1 of 1

How to save encrypted password in the configration file

Posted: Mon Jul 13, 2009 12:24 pm
by MuhammadSohail
How do i en/decode the password and save/read into/from the ini file.

Currently using
Visual studio: 2003
wxWidgets : 2.8.8

Is there any command line tool or any wxWidget class?
Any idea would be helful

Posted: Mon Jul 13, 2009 1:30 pm
by stevelam
Well for reading and writing to a config file see the wxConfig overveiw and wxConfigBase.

Posted: Mon Jul 13, 2009 1:40 pm
by MuhammadSohail
Thanks for quick reply. I wrote my own config file parser , Therefore i would not be possible to use wxConfig class anymore.

Is there any other idea. is there any GnU Lib?

Posted: Tue Jul 14, 2009 3:12 am
by leiradella
Saving a password, even if encrypted, to a file usually breaks the application's security.

1. If you save the password in clear text, it's trivial to find it.

2. If you save it as a hash (i.e. MD5 and the SHA family), one only have to generate a new hash with his/her own password and use it to break into the application.

3. If you save it encrypted, then you have to save the encryption/decryption key in the application, so it's just a matter of statistical analysis to find it and break the password in the config file.

But never *ever* implement your own encryption algorithm. Cryptography algorithms are very complicated to construct, and are usually made by mathematicians and go through a lot of public scrutiny before being considered secure.

That said, for many uses the third option is usually good enough, provided you're not selling applications to protected top-secret data.

You could try Crypto++, which is free and feature-rich.

To implement the 3rd option, I'd go with AES. For the 2nd, which is also good enough for less sensitive information, I'd go with SHA-256.