Secure Logon prog.(w/ encryption)

If you have questions about any aspect of QBasic programming, or would like to help fellow programmers solve their problems, check out this board!

Moderators: Pete, Mods

Post Reply
Agent_Firestalker
Coder
Posts: 18
Joined: Fri Feb 11, 2005 11:51 am
Location: Lea Monde Ruins

Secure Logon prog.(w/ encryption)

Post by Agent_Firestalker »

Okay. I've come up with an idea for a computer security thing. My beta will be in QB, who knows if i'll go to VB or better.

Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.

In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it. For my beta, i'm using the method from the pc game Shivers 2. Each letter of a word is converted to a number, then 4 is added to the number.
If I put these in a text file like this... (note, these numbers aren't real words, they're just random #'s)

1723918, 24510

the question, (the first string) is 1, 7, 23, 9, 18
and the second string(answer) is 24, 5, 10

How will I tell qb that 25 is 25 and not 2 and 5. How do I tell it if it's a single digit and two digit number? I don't think there's a way. If there isn't let me know so I can come up with a better encryption method.

Thanks,
Agent_Firestalker
"I ask you, is this a job for intelligent men?"
"Well show me one, i'll ask him?"

Val and Earl - "Tremors"
User avatar
{Nathan}
Veteran
Posts: 1169
Joined: Thu Aug 19, 2004 6:08 pm
Location: The wetlands of central Ohio, USA
Contact:

Post by {Nathan} »

i can think of a way: special characters. EG

25, 4, and 7 would become

$2547

That way, you know that if there is a $ somewhere, you know the next to numbers are together, EG 25. If there is no $, the numbers are not together (seperate).
Image
Anonymous

Post by Anonymous »

try using ASCII characters instead and use ASC() to find the ASC val of a letter, then use some maths such as ascii num + 5 and then display that character in the file. so the ASCII character uncrypted would be "A" and when it is crypted it would be "F" (that is if you plus the ascii val by 5).

heres a simple example done in FB, though it works in QB just as well

Code: Select all

'Sets text to be used
text$ = "Eat spam"

'Displays text as normal
PRINT text$

'Encrypt letters
FOR length = 1 TO LEN(text$)
    e.text$ = e.text$ + CHR$(5 + ASC(MID$(text$, length, 1)))
NEXT
text$ = e.text$

'Print encrypted text
PRINT text$

'Decrypts text
FOR length = 1 TO LEN(text$)
    d.text$ = d.text$ + CHR$(ASC(MID$(text$, length, 1)) - 5)
NEXT
text$ = d.text$

'Print decrypted text
PRINT text$

SLEEP
You can should watch out and make sure that you don't exceed 255 character val, also use a better algo than + 5 say like replace the lines in the for next loops with

for the first one

Code: Select all

    e.text$ = e.text$ + CHR$(2 * ASC(MID$(text$, length, 1))-3)
and the second

Code: Select all

    d.text$ = d.text$ + CHR$((ASC(MID$(text$, length, 1))+3)/2)
hope this helps
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

ALT+TAB
ALT+ENTER
(ALT+F4, does not always work in fullscreen dosbox)
CTRL+ALT+DEL
Failsafe startup
Disable Autostart objects

Any of the above would simply override your login program
I have left this dump.
Guest

Post by Guest »

running the program in the autoexec.bat file would stop Z!re's problem except for the last two.
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

Anonymous wrote:running the program in the autoexec.bat file would stop Z!re's problem except for the last two.
Boot diskette, boot cd..

If people want access to you computer, they'll get it, simple as that..
I have left this dump.
PQBC...

Post by PQBC... »

Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.

Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

PQBC... wrote:Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.

Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
Or just remove the HD from the compuer and put it in another, as a non-booting disk..
I have left this dump.
User avatar
Kyle
Veteran
Posts: 107
Joined: Thu Apr 14, 2005 2:41 pm

Post by Kyle »

Or again, a boot diskette or CD.
Nemesis
Coder
Posts: 36
Joined: Mon Aug 16, 2004 12:54 pm
Location: Colorado Springs, Colorado

Post by Nemesis »

Or you could, if you knew circuit board logic, hard-wire the program onto your mother board.
That might be a little over the top but, I can never tell :evil:

Nemesis
PQBC...

Post by PQBC... »

I never thought about using HARDWARE :P
Make a program and put it into a PCI chip. Configure your computer to run the ROM on your PCI chip. Then, it would work :P
But, PCI chips can be easily removed :(
User avatar
{Nathan}
Veteran
Posts: 1169
Joined: Thu Aug 19, 2004 6:08 pm
Location: The wetlands of central Ohio, USA
Contact:

Post by {Nathan} »

Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
Image
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
When obtaining data from another computer:
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)

Enjoy..
I have left this dump.
Nemesis
Coder
Posts: 36
Joined: Mon Aug 16, 2004 12:54 pm
Location: Colorado Springs, Colorado

Post by Nemesis »

Z!re wrote:
Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
When obtaining data from another computer:
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)

Enjoy..
When security is seriously an issue...

1) Buy hard-drive with custom password embedded by manufacturer of drive.

2)Party hard, and don't worry about the only girl at the party acting like a guy, running her mouth, thinking she's the bomb and can crack into your computers hard-drive and retrieve your most sensitive data :roll:

Enjoy the rest of the party :lol:
Guest

Re: Secure Logon prog.(w/ encryption)

Post by Guest »

Agent_Firestalker wrote:Okay. I've come up with an idea for a computer security thing.....
Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.
In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it......
I've been following developments on this thread. Everyone seems to be preceeding with the technical aspects of the program. However, I'm still stuck on the fundamental requirements or definition.

QUESTIONS:

1) How do users get to know the questions and answers in the first place? Are you going to give him a list to study? If not, and these are general questions, then can any smart person answer them?

2) Are the questions and answers directly related to each user? Like: what's your mother's maiden name? If the questions are user related like this, then each user needs to have a "user name", and needs to have an enrollment process to set up the questions and answers.

I think you need to decide on the above issues before you start looking at the technicalities. I'll help you with this as best I can.
*****
moneo
Veteran
Posts: 451
Joined: Tue Jun 28, 2005 7:00 pm
Location: Mexico City, Mexico

Post by moneo »

The above post was mine (Moneo)
*****
Nemesis
Coder
Posts: 36
Joined: Mon Aug 16, 2004 12:54 pm
Location: Colorado Springs, Colorado

Post by Nemesis »

I appoligize to Z!re for my last, sarcastic post which was uncalled for.
(I was just upset about some comments that were made in another topic,
so ignore my last post.)

Nemesis
Z!re
Veteran
Posts: 887
Joined: Wed Aug 04, 2004 11:15 am

Post by Z!re »

Nemesis wrote:I appoligize to Z!re for my last, sarcastic post which was uncalled for.
(I was just upset about some comments that were made in another topic,
so ignore my last post.)

Nemesis
Didnt even notice it :P
And I am the bomb, mind you..
I have left this dump.
User avatar
Zim
Veteran
Posts: 98
Joined: Mon Dec 05, 2005 4:31 pm
Location: Wisconsin, USA
Contact:

What's the Question/Answer

Post by Zim »

How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...
--- Zim ---
--- Time flies like an arrow, but fruit flies like a banana ---
Patz QuickBASIC Creations
Veteran
Posts: 399
Joined: Wed Mar 02, 2005 9:01 pm
Location: Nashville, Tennessee
Contact:

Post by Patz QuickBASIC Creations »

zim wrote:How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...
I made a program that generates a new password everyday. I also made a program with it to list the passwords for a given month and year. (ex. if you wanted a list of the passwords for march, 2006, then it would generate 31 codes for each day.) I didn't feel like putting in a corrector to have it have the number of days for each month (ex. Feburary would still give you 31 days.) But it worked. The password changes everyday, which I have the list to every month. (I also made it output the list to file/printer on user prompt). Time, in my opinion, would be TOO exact. The password would change for every 1 second the person was on. Like I said, TOO exact.
Post Reply