Jump to content


Photo
- - - - -

PIV Files


4 replies to this topic

#1 mikelandl

mikelandl

    Expert

  • Members
  • PipPipPipPip
  • 101 posts

Posted 23 May 2006 - 02:54 PM

Hi guys,

I've written an install program for our system which basically allows you to install the ProIv client and enter your basic connection settings (username, password, host, etc..). The program then edits the default piv file, creates a desktop shortcut, changes the icon, etc .... Anyways, my question is in regards to the password field in the piv file. It's obviously not stored as plain text. Does anyone know how it is 'encrypted'? At the moment my program just writes the password that was entered as plain text but that's wrong. Any help would be appreciated. I don't want to get anyone in trouble, just looking to get our install program working properly.

Thanks

#2 mdexter

mdexter

    Advanced

  • Members
  • PipPipPip
  • 70 posts
  • Gender:Male

Posted 23 May 2006 - 04:33 PM

I don't know the answer, but one guess would be that they use the same encryption that is used for PRO-ISAM files. You can encrypt any value using the trick of having 2 file defs pointing to the same PRO-ISAM file, one with the column encrypted, the other not. Write the row with the encrypted file def and read it with the unencrypted file def. This is perhaps a long shot -- you would have to assume they are using a blank (default) encryption key. But it would be easy to test. HTH. Mark Dexter

#3 Chris Pepper

Chris Pepper

    ProIV Guru

  • Members
  • PipPipPipPipPip
  • 369 posts
  • Gender:Male
  • Location:United Kingdom

Posted 24 May 2006 - 07:06 AM

I think "obscured" rather that "encrypted" is a better term for what ProIV does on these fields! It uses a single character key - regardless of the length of the password you give it! I'm not sure that really counts as "encryption" at this more security aware time! :ermm:

#4 mikelandl

mikelandl

    Expert

  • Members
  • PipPipPipPip
  • 101 posts

Posted 24 May 2006 - 02:17 PM

I think "obscured" rather that "encrypted" is a better term for what ProIV does on these fields!


I can't argue with you there :ermm:

#5 mdexter

mdexter

    Advanced

  • Members
  • PipPipPip
  • 70 posts
  • Gender:Male

Posted 25 May 2006 - 04:40 PM

For anyone interested in a simple way to encrypt passwords (or other sensitive data) with SQL Server 2000, I found on the web a TEA encryption algorithm implemented as a user-defined function in SQL. It appears to work well. The URL is

http://www.simonshep...net.com/tea.htm

Mark Dexter



Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users