Is there a password template routine in C that a complete novice can use for a message?

Pseudocode

BEGIN
Prompt "Password:"
correct password = > print message
ELSE print string "Try again."
ENDIF
END


I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work.

Suggest you perform a search for password libraries github seems to have quite a few.

By the way, most email systems will disallow EXE files.

A windows executable is definitely an esoteric command (for passwords) on linux. You can only send messages using some kind of software, so I do not really understand these requirements.
By the way, what kind of OS, environment is it?

I want the program to work in Windows.
I'm in Linux.

I don't know if Windows has any open source compilers available.
Maybe the source code is different, but

it's a very basic program:

prompt for a password
match => print an internal message to screen

I can use either os if they have different coding requirements.

I don't write programs, so I don't know how to prompt for a password.

Write your message and save as plain text, then zip the file using zip's password encryption option... user unzips using the password and opens the file... no software not normally found on their end, no hassles.

I very specifically want an encrypted message that requires no installations or actions on part of the recipient beyond clicking on the executable and entering a password, AND I do not want an automatically deciphered output file (of course anything can be captured deliberately) - just a message on screen.

What is your threat model? Who should not be able to read those private messages?

The pseudocode you are suggesting is absolutely not secure: Just because your hypothetical program does not print the message unless the correct password has been entered, it will not prevent anyone from getting the message just by looking inside the program file itself. No sophisticated tools would even be required to do that: a standard tool like strings(1) would be enough. To have some security, the message would need to be stored encrypted within the program. But that raises the difficulty significantly.

Then, even assuming you can write such a program, since you are on Linux and you want the program to run on Windows, you need to cross-compile it. Doyou have a cross-compiler targeting Windows on your Linux system? If not, do you know how to get one? (Hint: look for mingw32; it’s already packaged in some distributions.)

Then, assuming you have a cross-compiled binary ready to be sent, there’s the issue raised by rtmistler above: many email providers will not let a message containing an executable file pass through them. At best, they will let the message pass but without the attachment; at worst, they will silently discard the message, which will never reach the intended recipient.

Then, assuming your message somehow reaches the recipient, there’s the fact that we have spent the last 30 years educating email users not to blindly execute any attachment they receive. Asking your recipients to do just that is a disservice to them.

And finally: How could your recipients be sure that this message they received, containing an executable attachment that they are asked to execute, really comes from you? How can you and they be sure that the executable they have received is the one you sent, and that it has not been tampered with in transit to maybe replace it with a virus?

What you want to do, the way you want to do it, will most likely not guarantee the confidentiality of your messages, may not even work if your emails are blocked because of the executable attachments, and may jeopardize your recipients’ systems.

There are ways to send secure emails, but they all imply that users on both sides have to make some effort. That’s just the way it is.

1 members found this post helpful.

I have to say this sounds a tiny bit like homework, but anyway:

If you're looking for a way to verify a password that's hardcoded in the .exe without the password being immediately visible in a hex editor, you should store the (salted) hash of the password. The bcrypt.h header contains some useful functions, like BCryptHashData. And here's an example of how one might use it.

As gouttegd said above, to hide the message inside the .exe from prying eyes you'll have to encrypt it. And then you'll have a really hard time trying to send it to anyone, unless you put it inside an encrypted and password-protected .zip file.

1 members found this post helpful.

Confirm to the contrary if you will:

gouttegd writes a .c program in a text editor with 30 lines of "echo" commands that contain a message. [Password] is a set string in the code. User is prompted for input and if it matches the password, the 30 lines print to screen.

Because a .c file is complied, the executable cannot be read.

Imagine the executable masked in an archive or linked in the cloud to download instead of attached.

Is this rocket science?

That's where you're wrong.

All the recipient has to do is open the file using Notepad or Wordpad or Word or any text editor. Among a bunch of unreadable gibberish (the actual program code) your message will appear, clear as day.

Of course anything we can see or hear we can capture, but a specific requirement of this project is no deciphered data file. The encrypted file is o-kay, but it can only be deciphered to screen. It also cannot require installations, accounts or esoteric commands.

If this is true my memory failed. I thought binary jumbled everything up.

If that's your level of understanding, stop trying to create your own tool: you need to re-use existing proven tools or you will almost certainly not achieve your desired level of security.


(Where "the cloud" is nothing more than someone else's computer.)

You have not justified your need for an executable file, and - if you're willing for people to download that file in a browser - you don't need one. (And can avoid a bunch of issues by not using one.)

Encryption algorithms can be implemented in JavaScript, thus a single non-cached HTML file containing your encrypted text can probably solve all your requirements.

1 members found this post helpful.

So this sounds very much like a standard XY problem. Think about what you just wrote here, because:

• You don't want software....
• ...but you want an executable (which is software, isn't it?)....
• ...that you don't have to install (how else would you run it??)...
• ...and you don't want to use esoteric commands (which would be anything non-standard on the system, including this magic executable that you don't install or run)

Sound about right??? And then you add:
So you *DO* want them to install the executable by double-clicking it...yet 99.X% of email systems won't let the EXE through, since it'll be flagged as a virus.

You could just do what most others do; use the widely accepted PGP systems available for pretty much every system, and send your emails that way. Abundant documentation/examples on how to do it, along with plugins for most email systems.

What you quoted is not a level of understanding, but a function. It's the real world, not computer science. Success is when the goal is ethically achieved, not adherance to a technical standard.

I wouldn't think of trying to write a program if an app met my requirements. There are a lot of sledgehammers out there, but no screw drivers. Anyone with intelligent advice would point me to a screw driver.

Goals:

• a password-encrypted message
• no automatically saved deciphered file output
• no recipient installations, exotic command lines, services & very little recipient thought (Windows recipient, Linux or Windows sender)

My level of security is modest encryption kept as away from 3rd parties as possible.