Twice today people were worried about securing their work.
One very probably inadvertantly left passwords in plain text in
the compiled program. Here is a simple method to hide your
passwords.
Compiled or not, this is not going to look like a password:
usr = CDec(19199683 * 4) & CDec(16739357 * 5) & CDec(88870 * 931 + 519)
Yet that is the type of things you have to do to hide your passwords
in amongst other executable code. And, you don't have to do it all in one place
either, you can assign the first part early on, then concatenate the second
and later parts while you are initializing your app.
But, eventually you have to make a comparison:
If pw = Condense(usr) then ... ' Passed flag set
And that is what the hacker is going to look for. If he can adjust the file
so that one expression appears True, then he's done, and no one needs
a password. Your defense against that is to break that one comparison into
a few different tests, and plant them in different parts of your code:
Passed = Passed And (Left$(pw, 3) = Left$(Condense(usr), 3))
and
Passed = Passed And ( Right$(Condense(usr), 3) = Right$(pw,3) )
Or
Partial = ( Condense(usr) = pw )
And elsewhere:
Passed = Passed And Partial
And so forth, such that all of them have to pass in order for Passed
to remain True. In addition, you might want to use 3 or 4 different
indicators to force the hacker to look up more than just one memory
reference. With just one indicator the hacker can go though and adjust
file code such that Passed ends up True at the end of all those code
sections. If you have 2 or 3 such tests, he has to adjust the file 2 or 3
times, but if you add 2 or 3 indicators, he has to comb the entire code
for 2 or 3 memory references and adjust all those....
You want to expend a little effort to make him do considerably more work.
The more work required, the more chances you have that he will just give up.
That is what you count on to protect your investment, that the work required
to hack the program is just too much for all but the criminally insane!
So, what about that hidden password? Run it through this short routine to
see what you get....
Private Function Condense$(ByVal Text$)
Dim pos&
Condense = Space$(Len(Text) \ 2)
For pos = 1 To Len(Text) \ 2
Mid(Condense, pos, 1) = Chr$(Val(Mid(Text, pos * 2 - 1, 2)))
Next
End Function
It's not National Defense caliber, but it is pretty easy to implement....
Have fun!
LFS
What is the KB?: http://support.microsoft.com/default.aspx?scid=fh;en-us;kbinfo
RTFM? http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon98/html/vbstartpage.asp
Where's the archive?: http://groups.google.com/advanced_group_search?q=group:microsoft.public.vb.*&hl=en&safe=off&num=50