How do i en/decode the password and save/read into/from the ini file.
Currently using
Visual studio: 2003
wxWidgets : 2.8.8
Is there any command line tool or any wxWidget class?
Any idea would be helful
How to save encrypted password in the configration file
-
- Experienced Solver
- Posts: 96
- Joined: Fri Jun 17, 2005 1:53 pm
- Location: Germany
- Contact:
Well for reading and writing to a config file see the wxConfig overveiw and wxConfigBase.
-
- Experienced Solver
- Posts: 96
- Joined: Fri Jun 17, 2005 1:53 pm
- Location: Germany
- Contact:
-
- I live to help wx-kind
- Posts: 172
- Joined: Sun Sep 07, 2008 9:49 pm
- Location: Rio de Janeiro, Brazil
Saving a password, even if encrypted, to a file usually breaks the application's security.
1. If you save the password in clear text, it's trivial to find it.
2. If you save it as a hash (i.e. MD5 and the SHA family), one only have to generate a new hash with his/her own password and use it to break into the application.
3. If you save it encrypted, then you have to save the encryption/decryption key in the application, so it's just a matter of statistical analysis to find it and break the password in the config file.
But never *ever* implement your own encryption algorithm. Cryptography algorithms are very complicated to construct, and are usually made by mathematicians and go through a lot of public scrutiny before being considered secure.
That said, for many uses the third option is usually good enough, provided you're not selling applications to protected top-secret data.
You could try Crypto++ http://www.cryptopp.com/, which is free and feature-rich.
To implement the 3rd option, I'd go with AES. For the 2nd, which is also good enough for less sensitive information, I'd go with SHA-256.
Cheers,
Andre
1. If you save the password in clear text, it's trivial to find it.
2. If you save it as a hash (i.e. MD5 and the SHA family), one only have to generate a new hash with his/her own password and use it to break into the application.
3. If you save it encrypted, then you have to save the encryption/decryption key in the application, so it's just a matter of statistical analysis to find it and break the password in the config file.
But never *ever* implement your own encryption algorithm. Cryptography algorithms are very complicated to construct, and are usually made by mathematicians and go through a lot of public scrutiny before being considered secure.
That said, for many uses the third option is usually good enough, provided you're not selling applications to protected top-secret data.
You could try Crypto++ http://www.cryptopp.com/, which is free and feature-rich.
To implement the 3rd option, I'd go with AES. For the 2nd, which is also good enough for less sensitive information, I'd go with SHA-256.
Cheers,
Andre