Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2011
    Posts
    30
    Rep Power
    0

    Default Encrypt Password and Username

    Hey, I have a program that runs on a computer and connects to an SFTP server to download files. It needs to give the username and password to log in, and right now they are written out in the code. I don't want the user to be able to decomplie and see the credentials so I need to hide them somehow. I think encryption can help but I'm not familiar with how it works. Basically, I want use encrypting to get a string value that can't be seen in the code (decrypt) then login with it. Can someone please help explain some code and how I would go about doing this?

  2. #2
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    12,014
    Rep Power
    20

    Default

    So you want to encrypt the username and password?
    And the key to the encryption (since you need to decrypt it) is going to be in the code?

    How does that make it any more secure?

  3. #3
    j2me64's Avatar
    j2me64 is offline Senior Member
    Join Date
    Sep 2009
    Location
    Zurich, Switzerland
    Posts
    962
    Rep Power
    6

    Default

    Quote Originally Posted by Tolls View Post
    So you want to encrypt the username and password?
    And the key to the encryption (since you need to decrypt it) is going to be in the code?

    How does that make it any more secure?

    you're right. even if you use a very efficient encryption algorithm is your code the issue is how you prevent a hacker to decompile your class. you could use an obfuscator but this wouldn't make your code much more secure. so we must look for an other approach ... any ideas? is your code executed in a unix-environment?
    Last edited by j2me64; 01-26-2011 at 09:56 AM.

  4. #4
    Join Date
    Jan 2011
    Posts
    30
    Rep Power
    0

    Default

    could I convert the string to a byte and save the string value of the byte in a file (so that will look like a whole bunch of random characters) then use the code to read that and convert it back to the username and password?

  5. #5
    Join Date
    Jan 2011
    Posts
    30
    Rep Power
    0

    Default

    Idea 2: I create some messed up strings that look unfamiliar then use code to slowly change it back to the username and password one char at a time, then putting in random stuff, deleting it out, then another of the chars, then converting it to a byte, then back, just random stuff like that and somewhere in the middle it finds the username and password, sets them to strings with random names then seemingly keeps on going with this random mess of string edits. then it logs in. After that you obfuscate, that will change all of the functions and variables even more and make it more complicated. In a way, Its a written in custom decrypt.

  6. #6
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    12,014
    Rep Power
    20

    Default

    The code that does that will be reasonably easy to find in your app.
    Once it's found then it will be simple to figure out how to get the username and password out of the data in your file.

    This is why webapps are quite popular.

Similar Threads

  1. how to link url with username and password
    By gb.rashu in forum JavaServer Pages (JSP) and JSTL
    Replies: 13
    Last Post: 08-12-2010, 03:12 PM
  2. password username and databases
    By chalo in forum JCreator
    Replies: 0
    Last Post: 12-02-2008, 08:11 AM
  3. username password verification
    By bheezee in forum JDBC
    Replies: 0
    Last Post: 11-25-2008, 06:55 PM
  4. Help, created a username and password box
    By cachi in forum AWT / Swing
    Replies: 1
    Last Post: 08-07-2007, 04:21 AM
  5. JTextFields with username & password.
    By Eric in forum AWT / Swing
    Replies: 2
    Last Post: 07-01-2007, 11:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •