Page 1 of 1

Secure Logon prog.(w/ encryption)

Posted: Sun Dec 11, 2005 3:17 pm
by Agent_Firestalker
Okay. I've come up with an idea for a computer security thing. My beta will be in QB, who knows if i'll go to VB or better.

Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.

In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it. For my beta, i'm using the method from the pc game Shivers 2. Each letter of a word is converted to a number, then 4 is added to the number.
If I put these in a text file like this... (note, these numbers aren't real words, they're just random #'s)

1723918, 24510

the question, (the first string) is 1, 7, 23, 9, 18
and the second string(answer) is 24, 5, 10

How will I tell qb that 25 is 25 and not 2 and 5. How do I tell it if it's a single digit and two digit number? I don't think there's a way. If there isn't let me know so I can come up with a better encryption method.

Thanks,
Agent_Firestalker

Posted: Sun Dec 11, 2005 6:40 pm
by {Nathan}
i can think of a way: special characters. EG

25, 4, and 7 would become

$2547

That way, you know that if there is a $ somewhere, you know the next to numbers are together, EG 25. If there is no $, the numbers are not together (seperate).

Posted: Mon Dec 12, 2005 1:43 am
by Anonymous
try using ASCII characters instead and use ASC() to find the ASC val of a letter, then use some maths such as ascii num + 5 and then display that character in the file. so the ASCII character uncrypted would be "A" and when it is crypted it would be "F" (that is if you plus the ascii val by 5).

heres a simple example done in FB, though it works in QB just as well

Code: Select all

'Sets text to be used
text$ = "Eat spam"

'Displays text as normal
PRINT text$

'Encrypt letters
FOR length = 1 TO LEN(text$)
    e.text$ = e.text$ + CHR$(5 + ASC(MID$(text$, length, 1)))
NEXT
text$ = e.text$

'Print encrypted text
PRINT text$

'Decrypts text
FOR length = 1 TO LEN(text$)
    d.text$ = d.text$ + CHR$(ASC(MID$(text$, length, 1)) - 5)
NEXT
text$ = d.text$

'Print decrypted text
PRINT text$

SLEEP
You can should watch out and make sure that you don't exceed 255 character val, also use a better algo than + 5 say like replace the lines in the for next loops with

for the first one

Code: Select all

    e.text$ = e.text$ + CHR$(2 * ASC(MID$(text$, length, 1))-3)
and the second

Code: Select all

    d.text$ = d.text$ + CHR$((ASC(MID$(text$, length, 1))+3)/2)
hope this helps

Posted: Mon Dec 12, 2005 9:34 am
by Z!re
ALT+TAB
ALT+ENTER
(ALT+F4, does not always work in fullscreen dosbox)
CTRL+ALT+DEL
Failsafe startup
Disable Autostart objects

Any of the above would simply override your login program

Posted: Mon Dec 12, 2005 11:17 am
by Guest
running the program in the autoexec.bat file would stop Z!re's problem except for the last two.

Posted: Mon Dec 12, 2005 11:50 am
by Z!re
Anonymous wrote:running the program in the autoexec.bat file would stop Z!re's problem except for the last two.
Boot diskette, boot cd..

If people want access to you computer, they'll get it, simple as that..

Posted: Mon Dec 12, 2005 12:36 pm
by PQBC...
Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.

Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.

Posted: Mon Dec 12, 2005 1:09 pm
by Z!re
PQBC... wrote:Write a password program in Assembler, then load it into your MBR. Yet again, Z!re probably knows that FDISK /MBR could remove this as well, but most people wouldn't recongnize it.

Also, you could grab LILO and install that if you just want to protect your OS. LILO can be configured to ask for a password to boot an operating system.
Or just remove the HD from the compuer and put it in another, as a non-booting disk..

Posted: Mon Dec 12, 2005 3:06 pm
by Kyle
Or again, a boot diskette or CD.

Posted: Tue Dec 13, 2005 4:52 am
by Nemesis
Or you could, if you knew circuit board logic, hard-wire the program onto your mother board.
That might be a little over the top but, I can never tell :evil:

Nemesis

Posted: Tue Dec 13, 2005 1:41 pm
by PQBC...
I never thought about using HARDWARE :P
Make a program and put it into a PCI chip. Configure your computer to run the ROM on your PCI chip. Then, it would work :P
But, PCI chips can be easily removed :(

Posted: Tue Dec 13, 2005 3:29 pm
by {Nathan}
Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!

Posted: Tue Dec 13, 2005 5:47 pm
by Z!re
Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
When obtaining data from another computer:
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)

Enjoy..

Posted: Tue Dec 13, 2005 9:27 pm
by Nemesis
Z!re wrote:
Nathan1993 wrote:Yeah it could be removed, but also who would think that you emebedded a program into a pci card???!!!
When obtaining data from another computer:
1) Get computer
2) Unplug hard-drive(s)
3) Plug hard-drive(s) into other computer
4) start other computer, check content of hard-drive(s)

Enjoy..
When security is seriously an issue...

1) Buy hard-drive with custom password embedded by manufacturer of drive.

2)Party hard, and don't worry about the only girl at the party acting like a guy, running her mouth, thinking she's the bomb and can crack into your computers hard-drive and retrieve your most sensitive data :roll:

Enjoy the rest of the party :lol:

Re: Secure Logon prog.(w/ encryption)

Posted: Wed Dec 14, 2005 7:44 pm
by Guest
Agent_Firestalker wrote:Okay. I've come up with an idea for a computer security thing.....
Anyway, the program chooses 3 different questions from a text file, along with their answers. After you logon to Windows, the screen changes to a full background and a window pops up, asking the first question. You only get two tries per question. (to allow for a typo the first time) If you answers all three questions, you are logged in. Fail any question twice and you're pretty much screwed.
In order to prevent users from finding the file containing the q's and a's, I've decided to encrypt it......
I've been following developments on this thread. Everyone seems to be preceeding with the technical aspects of the program. However, I'm still stuck on the fundamental requirements or definition.

QUESTIONS:

1) How do users get to know the questions and answers in the first place? Are you going to give him a list to study? If not, and these are general questions, then can any smart person answer them?

2) Are the questions and answers directly related to each user? Like: what's your mother's maiden name? If the questions are user related like this, then each user needs to have a "user name", and needs to have an enrollment process to set up the questions and answers.

I think you need to decide on the above issues before you start looking at the technicalities. I'll help you with this as best I can.
*****

Posted: Wed Dec 14, 2005 7:46 pm
by moneo
The above post was mine (Moneo)
*****

Posted: Thu Dec 15, 2005 5:58 pm
by Nemesis
I appoligize to Z!re for my last, sarcastic post which was uncalled for.
(I was just upset about some comments that were made in another topic,
so ignore my last post.)

Nemesis

Posted: Thu Dec 15, 2005 7:26 pm
by Z!re
Nemesis wrote:I appoligize to Z!re for my last, sarcastic post which was uncalled for.
(I was just upset about some comments that were made in another topic,
so ignore my last post.)

Nemesis
Didnt even notice it :P
And I am the bomb, mind you..

What's the Question/Answer

Posted: Fri Dec 16, 2005 12:02 pm
by Zim
How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...

Posted: Fri Dec 16, 2005 1:09 pm
by Patz QuickBASIC Creations
zim wrote:How about asking questions whose answers vary with time, then have the program check the time, compute the correct answer and compare that with the answer supplied by the user.... just a thought...
I made a program that generates a new password everyday. I also made a program with it to list the passwords for a given month and year. (ex. if you wanted a list of the passwords for march, 2006, then it would generate 31 codes for each day.) I didn't feel like putting in a corrector to have it have the number of days for each month (ex. Feburary would still give you 31 days.) But it worked. The password changes everyday, which I have the list to every month. (I also made it output the list to file/printer on user prompt). Time, in my opinion, would be TOO exact. The password would change for every 1 second the person was on. Like I said, TOO exact.