Results 1 to 11 of 11
  1. #1
    Svenrip is offline Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    0

    Default password manager in another way

    Hi everybody I'm new in this forum , hope my post is in the right section :)
    I' ve started a program with the idea to create a simply password manager , using just files .txt to store the data but now I've realized that is useless, cose everyone using the pc can see those files where usernames and passwords are stored just opening them. So I was thinking a solution for the security of those files , anyone can give me an idea ? (even a different way to do a password manager) I know that one solution can be the use of a DB but I think I'm not ready to use them ..thanks

  2. #2
    ianyappy is offline Member
    Join Date
    Dec 2010
    Posts
    13
    Rep Power
    0

    Default

    I suppose one simple method would be to use some hash function to hash the password (E.g. MD5 or SHA1). You then store the hash together with the username. When the user enters the password, just run the hash on the password to see if it matches the one in the text file.

  3. #3
    Svenrip is offline Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    0

    Default

    your solution is about the security inside the program , I was talking about the security outside the program . For example a person using my laptop that search for .txt files can find the data where the pass are stored , just opening those .txt files crated by my program .... is that more clear? :confused:

  4. #4
    ianyappy is offline Member
    Join Date
    Dec 2010
    Posts
    13
    Rep Power
    0

    Default

    Well actually, your text file would keep only the hashed version of the password (together with the username). It should not be possible to recover the actual password from the hash. When you run the program, it should hash the password that the user inputs and compare it with the stored version of the hash. Thus you never store the password in its "plaintext" form.

    Hope that makes sense. :)

  5. #5
    Zack's Avatar
    Zack is offline Senior Member
    Join Date
    Jun 2010
    Location
    Destiny Islands
    Posts
    692
    Rep Power
    5

    Default

    Quote Originally Posted by ianyappy View Post
    I suppose one simple method would be to use some hash function to hash the password (E.g. MD5 or SHA1). You then store the hash together with the username. When the user enters the password, just run the hash on the password to see if it matches the one in the text file.
    It's a password manager, which means the hash has to be decryptable (so that when you provide a website, or whatnot, it can fetch the username and password for the user). MD5 and SHA1 are not. The OP would probably want to come up with his own encryption method for this reason.

  6. #6
    ianyappy is offline Member
    Join Date
    Dec 2010
    Posts
    13
    Rep Power
    0

    Default

    Oh, oops haha OK, my bad :)

  7. #7
    ianyappy is offline Member
    Join Date
    Dec 2010
    Posts
    13
    Rep Power
    0

    Default

    Oh, well then I suppose one could encrypt the text file (maybe using gpg --symmetric?) with a master password. Then when one needs to retrieve the text file, just decrypt it with the master password.

  8. #8
    Svenrip is offline Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    0

    Default

    I had a look to gpg --symmetric you mentioned and it seems to be something external to the program.The solution is good for myself but what if I give the program to a friend ? He have to use gpg with my program isn't it ? :confused: If the solution using .txt files is too hard any other idea how to store my passw will be appreciated, when I was starting the program somebody advice me to use XML is that a good idea ? I dont have used XML before so I don t know if is good or not for my passw menager..

  9. #9
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,773
    Blog Entries
    7
    Rep Power
    21

    Default

    Quote Originally Posted by Zack View Post
    It's a password manager, which means the hash has to be decryptable (so that when you provide a website, or whatnot, it can fetch the username and password for the user). MD5 and SHA1 are not. The OP would probably want to come up with his own encryption method for this reason.
    That's not needed; a one-way-hash function can also do the job adequately; as long as a password hashes to the same hash value it is accepted as the correct password. That's the way Unix does it.

    kind regards,

    Jos
    cenosillicaphobia: the fear for an empty beer glass

  10. #10
    ianyappy is offline Member
    Join Date
    Dec 2010
    Posts
    13
    Rep Power
    0

    Default

    Quote Originally Posted by Svenrip View Post
    I had a look to gpg --symmetric you mentioned and it seems to be something external to the program.The solution is good for myself but what if I give the program to a friend ? He have to use gpg with my program isn't it ? :confused: If the solution using .txt files is too hard any other idea how to store my passw will be appreciated, when I was starting the program somebody advice me to use XML is that a good idea ? I dont have used XML before so I don t know if is good or not for my passw menager..
    I'm actually not too familiar with Java but a little familiar with crypto.. But how about this example code:
    http://www.example-code.com/java/fileEncryption.asp
    I think it suits your purpose for embedding some encryption within your program without focusing on the details of the encryption. Hope it helps :)

  11. #11
    Svenrip is offline Member
    Join Date
    Dec 2010
    Posts
    5
    Rep Power
    0

    Default

    mmh look like a bit advanced for me but I will try to implement it and I will let you know , thanks
    If anyone has another idea I will consider it too

Similar Threads

  1. Password
    By Adomini in forum New To Java
    Replies: 3
    Last Post: 09-20-2010, 11:43 AM
  2. 'Password' help
    By iWonder in forum New To Java
    Replies: 20
    Last Post: 12-17-2008, 11:05 PM
  3. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum New To Java
    Replies: 2
    Last Post: 11-14-2008, 08:53 PM
  4. how to check password for 3 times enterd wrong password
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 0
    Last Post: 11-14-2008, 02:22 PM
  5. How to check password of a jsp/html with the password of Database(mysql) #1
    By sk.mahaboobbhasha@gmail.c in forum Java Servlet
    Replies: 2
    Last Post: 11-14-2008, 02:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •