On Jul 1, 10:08*am, Gilles Ganault <nos...@nospam.comwrote:
* * * * I'd like to encrypt a customer's organization name to use this as
their password to launch our application, and decrypt it within our
VB5 application.
This is how I understand it:
Alice works at OrgaCorp. The string "OrgaCorp" will be encrypted, so
that it becomes "PshbDpsq". This will then be the password of Alice.
Alice logs in using Alice, PshdDpsq as her username and password and
this information is passed to a VB application, which then decodes the
company name to do something with it.
A simple way to encrypt a word is using XOR encryption. So you bitwise
XOR the company name with some other string. However, if a smart user
gets his hands on some passwords, he can deduce your encryption string
from it. XOR encryption is not particularly safe.
XOR encryption is a way of a symetrical encryption. The other poster
said you should use asymetrical encryption, which means that the key
to encrypt the data is another key than the one to decrypt the data.
It depends on your situation which one you should use.
Another solution could be to put username, company, password data in a
database, so that you can check the password and find the right
company for the user.
We will then use this information to print it on every page that the
application prints out. That way, even if some other user gives out
his password, it won't do any good, since the organization name will
be the original user's.
I don't understand this.
I guess there are two things I need to solve:
- how to to check that the password is valid, and not just some crap
an unlicensed user typed just to get past the logon dialog?
You have to encrypt some extra data which serves as a validity check.
For example, instead of encrypting OrgaCorp you can encrypt
GOODOrgaCorp. You then assume that if the decrypted string starts with
GOOD, the password is correct.
For safety reasons, you would not prepend a fixed string but some hash
of the word.
Maybe you are solving your problem the wrong way. Could you explain it
a little more in detail, maybe with an example?