2 Replies - 616 Views - Last Post: 18 November 2012 - 04:31 PM

#1 mattcash83

Username/Password

Posted 11 November 2012 - 06:08 PM

I am new to programming, and I have some questions about adding a login option to my program. What are the correct ways to go about storing and retrieving the username and password? For now, and I know that this is in no way the best choice, I have been encrypting them to a text file, reading from the text file, and comparing strings. I can imagine various risks in this method; how should I approach this? Any help is welcome, Thanks!

Replies To: Username/Password

#2 Martyr2

Re: Username/Password

Posted 11 November 2012 - 06:18 PM


Well, there are various "levels" of protection you can implement when storing passwords. Typically you store the password, hashed using a secure hashing algorithm, in a database for the user's account. When the user enters their username and password, you use the username to find the record, rehash the password they provided and compare that directly with what is stored in the database. If the two match, they are granted access.

Now how you go about hashing the password is the trick. You want to first of all use a secure, unbroken, and tested algorithm. Never a good idea to create your own or use one of the hashing algorithms already compromised like MD5 or SHA-1.

It is advised that you at least use an algorithm like SHA-256, SHA-512 or Whirlpool at bare minimum with a salt. A salt is a randomly generated string that is combined with the password before encrypting, and then encrypted.

For instance if my password was "billybob" I may take that password, add "sdkfjlsf" to it to create "billybobsdkfjlsf" and then run it through one of the algorithms listed above. Then store that as a hash in the database. When the user enters "billybob" you add the same salt, rehash it, then compare that to the hash you have stored in the database.

An additional level of security is to then run the hashed string again and again through the same algorithm X number of times. Where X is some number of "rounds". But that is getting a bit complex. Try working on creating a salt, combining it with the password, hashing it, then storing that in the database. Then of course compare them to grant access.

Check out this video for more details: http://www.youtube.c...eature=youtu.be

Enjoy! :)

P.S. I am recommending level 3 in this presentation.
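The register-and-verify flow described in the reply above, as an added example that is not part of the original thread: a salt is combined with the password, hashed with SHA-256 over many rounds, stored in a database record, and recomputed at login. It goes slightly beyond the post by generating a fresh random salt per user and by using the standard library's PBKDF2-HMAC-SHA256 for the salt-plus-rounds step instead of a hand-written loop. The table layout, function names, round count and sample credentials are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ROUNDS = 200_000  # assumed work factor for this example; tune to your hardware


def hash_password(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Salted, iterated SHA-256 (PBKDF2-HMAC) of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def open_store() -> sqlite3.Connection:
    """In-memory user table (hypothetical schema); use a real database in practice."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users "
        "(username TEXT PRIMARY KEY, salt BLOB, rounds INTEGER, pw_hash BLOB)"
    )
    return db


def register(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user, stored beside the hash
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (username, salt, ROUNDS, hash_password(password, salt)),
    )


def verify(db: sqlite3.Connection, username: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, rounds, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Unknown user: still do the hashing work so timing does not reveal it.
        hash_password(password, b"\x00" * 16)
        return False
    salt, rounds, stored = row
    candidate = hash_password(password, salt, rounds)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


if __name__ == "__main__":
    db = open_store()
    register(db, "matt", "billybob")  # constructed sample credentials
    print(verify(db, "matt", "billybob"), verify(db, "matt", "billybob1"))
```

Storing the round count in each record lets the work factor be raised later without invalidating existing accounts.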

#3 mattcash83

Re: Username/Password

Posted 18 November 2012 - 04:31 PM

Thank you, got me on the right track!
