What is the best way to encrypt a value in INI file?

Using Encryption/Decryption key??

A: 

Do you need to decrypt it too? If not you can just salt and hash it.

If you do want to decrypt it, then I'd say you should specify the language as well perhaps.

OIS
A: 

You could use any standard encryption algorithm with a key, and perhaps prefix the value with some random padding before encrypting.

However, where do you plan to store that key then? Or are you going to get the user to enter a password and derive a key from that? If not, then it would be fairly pointless to encrypt the value.

frankodwyer
A: 

To what effect? What are you trying to protect or obfuscate?

You could use one of the many two-way key encryption algorithms available for all platforms... But ask yourself why you're doing it in the first place. If you're trying to make something hack-proof, encrypting ini strings probably isn't going to get you that far because as soon as you decrypt the ini, the string is in memory. And the key to decrypt will be in your program. Child's play to hack out.

If you just want to stop people editing a setting easily, don't put it in an ini. Choose a binary format that the user will have a hard time editing.

Oli
+1  A: 

For what purpose? Security?

If you are trying to (e.g.) encrypt a plaintext password you should probably use some implementation of PKI. Remember though, that then key management becomes your problem. Just encrypting the value is not a panacea because the ini file is most likely on the local host's file system, presumably the same place you'll have to store your key pair. You've simply abstracted the problem down a layer. They won't be able to read your encrypted password directly, but if they can find the place you store your key pair they can decrypt it themselves.

dviljoen
A: 

MD5 hash

Then you compare hash("password") with the ini_file.password hash

adam
MD5 hash? *gobsmacked*
Kyle Rozendo
Ha, with a full 18 months of knowledge later, I'd say the following: The security of the MD5 hash function is severely compromised.
adam
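
The "salt and hash it" and "compare the hash with the ini_file.password hash" suggestions above, as an added example that is not part of any answer on this page: it stores a salted PBKDF2-HMAC-SHA256 hash (swapped in for MD5) in an INI file and verifies a candidate password against it in constant time. The section name `auth`, the key name `password`, the `$`-separated storage format and the iteration count are assumptions.

```python
import base64
import configparser
import hashlib
import hmac
import io
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt$digest' (assumed storage format)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )

def verify_password(password, stored):
    """Recompute the hash with the stored salt; reject malformed entries."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, bad base64
        return False
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

def store_in_ini(password, iterations=ITERATIONS):
    """Return INI text holding only the salted hash, never the password."""
    config = configparser.ConfigParser(interpolation=None)
    config["auth"] = {"password": hash_password(password, iterations=iterations)}
    buf = io.StringIO()
    config.write(buf)
    return buf.getvalue()

def check_against_ini(ini_text, password):
    config = configparser.ConfigParser(interpolation=None)
    config.read_string(ini_text)
    return verify_password(password, config["auth"]["password"])

if __name__ == "__main__":
    ini = store_in_ini("s3cret-example")  # constructed sample password
    print(ini)
    print(check_against_ini(ini, "s3cret-example"), check_against_ini(ini, "guess"))
```

This only fits the case where the value never needs to be recovered, such as checking a password someone types in; a credential the program must send elsewhere still needs reversible encryption and a place to keep the key.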
A: 

For personal scripts where I have an email password, I use TinyEncryption.

I will put the passkey in the code itself. This prevents a casual snooper from just browsing through and picking up an email password.

The code is pretty simple too. Here it is in Python.

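import random
import base64

def tinycode(key, text, reverse=False):
    "(de)crypt stuff"
    # Keystream bytes come from a PRNG seeded with the key
    rand = random.Random(key).randrange
    if reverse:
        # Decrypting: input is the base64 text produced by a previous call
        data = base64.b64decode(text)
    else:
        data = text.encode("utf-8")
    # XOR every byte with the next keystream byte (same operation both ways)
    data = bytes(b ^ rand(256) for b in data)
    if reverse:
        return data.decode("utf-8")
    return base64.b64encode(data).decode("ascii")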

For more enhanced security, I use PGP, but you then have to prompt for a passkey. There's no setup that's perfect, it depends on what your needs are.

Dutch Masters