.txt file help

closed account (jwkNwA7f)
I am making a password protected program. The password is stored in a .txt file. How can I make it where only my program can access or read the file?

Thank you!
Encrypt it?
http://en.wikipedia.org/wiki/Encryption
http://en.wikipedia.org/wiki/Disk_encryption

I saw that you were looking at Windows API in another recent forum of yours.
So here is a link for the new DPAPI-NG in Windows 8:
http://msdn.microsoft.com/en-us/library/windows/desktop/hh706794(v=vs.85).aspx
closed account (jwkNwA7f)
How can I encrypt a file?
RC4 should not be to difficult to code. In fact it may be easy to find several easy encryption algorithms on google and then google a c++ source. I found one for RC4 with ease and it seems to be geared to file encrytpion, but I did not read the entire code.
http://monsiterdex.wordpress.com/2013/05/17/simple-file-encryption-in-c-rivest-cipher-4-rc4-byte-inversion-cycling-and-xor/
i think today, RSA is considered the safest -maybe i'm a little outdated-, try googling for a good source code to implement the algorithm.

useful topic:
http://stackoverflow.com/questions/4613361/open-source-code-for-rsa-implementation-in-c-c-use-library-or-write-my-own
closed account (Dy7SLyTq)
i thought blowfish was the safest alorithim?
As far as the US government is concerned, AES is the preferred symmetric cipher (i.e. uses the same key of encrypton and decryption.) Blowfish is another, earlier symmetric cipher.

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

RSA is not considered outdated; it's very much in current use. The fact that no one has worked out a way to break it even after several years of a use is why it's still commonly used.

RSA is an asymetric cipher (with a private and public keys) which is used for key exchange, key signing and verification, etc.

http://en.wikipedia.org/wiki/RSA_%28algorithm%29

Symmetric cipher algorithms are faster than assymetric ones, so if you're sending bulk data to another person you would not use an assymetric cipher to encrypt the data. Instead, you generate a one-time symmetric key (usually with AES) and then use your and the other person's RSA key-pairs to safely transfer this symmetric key. The data is then tranferred using the symetric key.

If you are going to manually provide a password for the saving and loading of the file, then you should use a symmetric key (as there is no one to exchange with.) But note that the ouput of AES (and Blowfish) is binary, so you would have to text-encode the output of the algorithm if you want to save it in a text file (e.g. base-16 encoding, hex encoding, ...)

But I'm not sure going to the trouble of using a full strength key is worth the effort if you're using a hard-coded key in your program, unless you are going to also go to the trouble of make your app hard to debug (non-trivial.) If you just want to make the data file hard for naive users to read (rather than cyber-criminals) then you could use a less involved algorithm, for example:

Tiny Encryption Algorithm
http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm

Or even just XOR encryption.

If you do go for AES or RSA, it would prob be best to go with a crypto library.

Andy
Last edited on
Your aproch is wrong. Why not just have some content in the text file, and the content is encrypted with a simetric key. When the user enters the password, it tryes to decrypt the text from the file and compares it to some text that is hardcoded in your app. If it does decrypt the text, then your password is correct. The problem with this aproch is that you have to keep the text in clear text or maybe in hex/base 64 in the program. Other then that, it should be pretty secure.
@DTSCode:
Bruce Schneier wrote in his book:
I know of no successful cryptanalysis against Blowfish. To be safe, do not
implement Blowfish with a reduced number of rounds.


however, this book is really outdated -1996-.
i'm not in direct contact with news from the encryption world, i can't advice one or another.

@andyWestken:
you know you can't trust anything the US government tell us to trust, do you?

AES might be safe, but you never know.

and i'm sorry, i didn't revise my memory on the RSA before posting.
closed account (Dy7SLyTq)
i can't advice one or another.

me too. i could be wrong. i didnt research it, but i thought i had read it somewhere and wouldnt hurt to through it out there
Topic archived. No new replies allowed.