Secure Logon prog.(w/ encryption)
-
- Coder
- Posts: 18
- Joined: Fri Feb 11, 2005 11:51 am
- Location: Lea Monde Ruins
Secure Logon prog.(w/ encryption)
Okay. I've come up with an idea for a computer security thing. My beta will be in QB, who knows if i'll go to VB or better.
Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.
In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it. For my beta, i'm using the method from the pc game Shivers 2. Each letter of a word is converted to a number, then 4 is added to the number.
If I put these in a text file like this... (note, these numbers aren't real words, they're just random #'s)
1723918, 24510
the question, (the first string) is 1, 7, 23, 9, 18
and the second string(answer) is 24, 5, 10
How will I tell qb that 25 is 25 and not 2 and 5. How do I tell it if it's a single digit and two digit number? I don't think there's a way. If there isn't let me know so I can come up with a better encryption method.
Thanks,
Agent_Firestalker
Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.
In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it. For my beta, i'm using the method from the pc game Shivers 2. Each letter of a word is converted to a number, then 4 is added to the number.
If I put these in a text file like this... (note, these numbers aren't real words, they're just random #'s)
1723918, 24510
the question, (the first string) is 1, 7, 23, 9, 18
and the second string(answer) is 24, 5, 10
How will I tell qb that 25 is 25 and not 2 and 5. How do I tell it if it's a single digit and two digit number? I don't think there's a way. If there isn't let me know so I can come up with a better encryption method.
Thanks,
Agent_Firestalker
"I ask you, is this a job for intelligent men?"
"Well show me one, i'll ask him?"
Val and Earl - "Tremors"
"Well show me one, i'll ask him?"
Val and Earl - "Tremors"
try using ASCII characters instead and use ASC() to find the ASC val of a letter, then use some maths such as ascii num + 5 and then display that character in the file. so the ASCII character uncrypted would be "A" and when it is crypted it would be "F" (that is if you plus the ascii val by 5).
heres a simple example done in FB, though it works in QB just as well
You can should watch out and make sure that you don't exceed 255 character val, also use a better algo than + 5 say like replace the lines in the for next loops with
for the first one
and the second
hope this helps
heres a simple example done in FB, though it works in QB just as well
Code: Select all
'Sets text to be used
text$ = "Eat spam"
'Displays text as normal
PRINT text$
'Encrypt letters
FOR length = 1 TO LEN(text$)
e.text$ = e.text$ + CHR$(5 + ASC(MID$(text$, length, 1)))
NEXT
text$ = e.text$
'Print encrypted text
PRINT text$
'Decrypts text
FOR length = 1 TO LEN(text$)
d.text$ = d.text$ + CHR$(ASC(MID$(text$, length, 1)) - 5)
NEXT
text$ = d.text$
'Print decrypted text
PRINT text$
SLEEP
for the first one
Code: Select all
e.text$ = e.text$ + CHR$(2 * ASC(MID$(text$, length, 1))-3)
Code: Select all
d.text$ = d.text$ + CHR$((ASC(MID$(text$, length, 1))+3)/2)
Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.
Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
Or just remove the HD from the compuer and put it in another, as a non-booting disk..PQBC... wrote:Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.
Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
I have left this dump.
When obtaining data from another computer:Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)
Enjoy..
I have left this dump.
When security is seriously an issue...Z!re wrote:When obtaining data from another computer:Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)
Enjoy..
1) Buy hard-drive with custom password embedded by manufacturer of drive.
2)Party hard, and don't worry about the only girl at the party acting like a guy, running her mouth, thinking she's the bomb and can crack into your computers hard-drive and retrieve your most sensitive data
Enjoy the rest of the party
Re: Secure Logon prog.(w/ encryption)
I've been following developments on this thread. Everyone seems to be preceeding with the technical aspects of the program. However, I'm still stuck on the fundamental requirements or definition.Agent_Firestalker wrote:Okay. I've come up with an idea for a computer security thing.....
Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.
In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it......
QUESTIONS:
1) How do users get to know the questions and answers in the first place? Are you going to give him a list to study? If not, and these are general questions, then can any smart person answer them?
2) Are the questions and answers directly related to each user? Like: what's your mother's maiden name? If the questions are user related like this, then each user needs to have a "user name", and needs to have an enrollment process to set up the questions and answers.
I think you need to decide on the above issues before you start looking at the technicalities. I'll help you with this as best I can.
*****
What's the Question/Answer
How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...
--- Zim ---
--- Time flies like an arrow, but fruit flies like a banana ---
--- Time flies like an arrow, but fruit flies like a banana ---
-
- Veteran
- Posts: 399
- Joined: Wed Mar 02, 2005 9:01 pm
- Location: Nashville, Tennessee
- Contact:
I made a program that generates a new password everyday. I also made a program with it to list the passwords for a given month and year. (ex. if you wanted a list of the passwords for march, 2006, then it would generate 31 codes for each day.) I didn't feel like putting in a corrector to have it have the number of days for each month (ex. Feburary would still give you 31 days.) But it worked. The password changes everyday, which I have the list to every month. (I also made it output the list to file/printer on user prompt). Time, in my opinion, would be TOO exact. The password would change for every 1 second the person was on. Like I said, TOO exact.zim wrote:How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...