Is there a simple way to hide a username/password in registr

[rileydog]

hi,

I am looking for a simple way to hide the username and password. an overview of what I have/want:

a) i have the password and username set as a variable in the 'install parameter" section (they will be stored as registry entries by AI during install). (for now, I do not have it on 'hide" but I will. This will provide some protection.

b) i searched this board and found several discussions about using sha-1. this may be more than I need (and certainly more than I can do myself). I did find two possibilities:

1) http://www.advancedinstaller.com/user-g ... sions.html
I thought of setting permissions for accessing the registry value. Not sure if this is good idea.

2) http://www.advancedinstaller.com/forums ... iis#p20015
this is the more complicated sha-1 approach that I mentioned above.

So, security is not a huge issue for me. My users are unlikely to know or care about the registry. so, is there a fairly simple approach that would give me 'good enough' security?

thanks

[GabrielBarbu]

Hello,

I am afraid I am not aware of any other reliable approaches to achieve what you want. The SHA-1 method seems the easiest and most reliable. Or you could devise your own encryption. This should be fairly easy to achieve.

Regards,
Gabriel

[shelmers]

rileydog,

If part of your concern is coming up with a way to encrypt the username/password that doesn't involve sha-1 or some other sophisticated encryption algorithm, you can use a simple substitution cipher. This technique absolutely won't stand up to government scrutiny but it will confuse the average person enough to withstand simple decoding attempts. And using a method like this will automatically earn you entry in the Captain Whizbang Hall of Fame because it's the same technique used by the Captain Whizbang decoder ring you got in a box of breakfast cereal when you were a kid!

The idea is dead simple -- you create two strings: the first one contains all the symbols you allow users to enter in their username and password; the second contains all of the same symbols but you've changed the order in which they appear. (Note: be sure that each symbol appear exactly once in each string or you won't be able to decode reliably.) Then you look up each character in the first string, record its position and substitute the character that appears in the same position in the second string. See code below.

Code: Select all

Dim sClearText : sClearText = "abcdefghijklmnopqrstuvwxyz0123456789"
Dim sEncrypted : sEncrypted = "qwertyuiop098asdfg7hjkl65zxcvb432nm1"

Dim sInput, sOutput
Dim iPos

sInput = "g"
iPos = InStr(sClearText, sInput)
sOutput = Mid(sEncrypted, iPos, 1)

MsgBox sOutput

To decode, you obviously do the reverse.

If you want examples of more interesting and more secure encryption ciphers, you can spend days reading these citations.

Scott

[rileydog]

Thanks Scott, I appreciate your answer. I like the simple approach and may try it because this would be sufficient for my security considerations.