From: mert0407 AT sable DOT ox DOT ac DOT uk (George Foot)
Newsgroups: comp.os.msdos.djgpp
Subject: Re: Allegro: Password protecting DATAFILE
Date: 12 Oct 1997 14:04:51 GMT
Organization: Oxford University, England
Lines: 27
Message-ID: <61qle3$auh$3@news.ox.ac.uk>
References: <61oa8h$9vg$2 AT news DOT interlog DOT com> <61ocqv$li3$3 AT news DOT ox DOT ac DOT uk> <34409173 DOT 3453 AT indy DOT net>
NNTP-Posting-Host: sable.ox.ac.uk
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Chris Frolik (frolikcc AT indy DOT net) wrote:
: if that is the password.  Instead, create a simple encryption function. 
: For example:
<snip>
: Then, choose an arbitrary 8-character string.  Run it through this
: function, and see what you get.  The result should be your actual
: password.  However, the string that you hard-code into your EXE should
: be the initial arbitrary string that you chose.  To get the actual
: password, call get_password() using the string as the parameter.  This
: makes things a little more secure, rather than just hardcoding the
: password into your EXE.

Sure, they wouldn't be able to find the password in a binary dump of the
.EXE any more, but as I said if they have the *source* you can't hide it
from them ;). You could make it harder to find, if you code like Mel, but
armed with your source code they *must* be able to find the password in
the end (simply by following through everything you do).

If the aim is simply to prevent the user from modifying the datafile, a
different encrpytion system could be used inside the packfile functions
(e.g. public key system), so that people could read but not write, unless
they also have the private password. This is probably going a bit far
though... ;)

-- 
George Foot <mert0407 AT sable DOT ox DOT ac DOT uk>
Merton College, Oxford