Mail Archives: djgpp/1997/10/13/12:01:20
George Foot wrote:
>
> Gautam N. Lad (gautam AT interlog DOT com) wrote:
> : This may be one of the dumbest question, but is there any way to password
> : protect Allegro's DATAFILE (.DAT) so that if a user of my program has
> : DJGPP and Allegro fully installed, tries to open up my program's .DAT file, it
> : would ask for a password (which is stored in the .DAT file).
> : I mean, they can hack the Grabber program to by-pass the password (if
> : possible), but is something like this possible, hopefully in the future (or is it
> : already available in v3.x)?
>
> It's already available. The encryption system is not particularly secure;
> anyone with the source to your program could of course find out what the
> password is. I think it's a WIP feature, though. You call a function to
> set a password, and then all subsequent packfile functions (including
> datafile accesses) use that password. The grabber and dat utility both
> support this too.
>
> --
> George Foot <mert0407 AT sable DOT ox DOT ac DOT uk>
> Merton College, Oxford
There are ways to make this more secure, by "encrypting" it within your
code. For example, don't do this:
char passwd[] = "fwloih325";
if that is the password. Instead, create a simple encryption function.
For example:
// key should be an 8-character password
char *get_password(char *key)
{
key[0] *= 2;
key[1] = (key[1] + 5 + (char)(key[1] / 1.252325));
key[2] -= 23;
key[3] = key[4] >> 3;
key[4] = 114;
/* etc, etc... */
return key;
}
Then, choose an arbitrary 8-character string. Run it through this
function, and see what you get. The result should be your actual
password. However, the string that you hard-code into your EXE should
be the initial arbitrary string that you chose. To get the actual
password, call get_password() using the string as the parameter. This
makes things a little more secure, rather than just hardcoding the
password into your EXE.
- Raw text -