password template routine in C (novice)
Is there a password template routine in C that a complete novice can use for a message?
Pseudocode BEGIN Prompt "Password:" correct password = > print message ELSE print string "Try again." ENDIF END I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work. |
Quote:
By the way, most email systems will disallow EXE files. |
Quote:
By the way, what kind of OS, environment is it? |
Quote:
I'm in Linux. I don't know if Windows has any open source compilers available. Maybe the source code is different, but it's a very basic program: prompt for a password match => print an internal message to screen I can use either os if they have different coding requirements. I don't write programs, so I don't know how to prompt for a password. |
Write your message and save as plain text, then zip the file using zip's password encryption option... user unzips using the password and opens the file... no software not normally found on their end, no hassles.
|
Quote:
|
What is your threat model? Who should not be able to read those private messages?
The pseudocode you are suggesting is absolutely not secure: Just because your hypothetical program does not print the message unless the correct password has been entered, it will not prevent anyone from getting the message just by looking inside the program file itself. No sophisticated tools would even be required to do that: a standard tool like strings(1) would be enough. To have some security, the message would need to be stored encrypted within the program. But that raises the difficulty significantly. Then, even assuming you can write such a program, since you are on Linux and you want the program to run on Windows, you need to cross-compile it. Doyou have a cross-compiler targeting Windows on your Linux system? If not, do you know how to get one? (Hint: look for mingw32; it’s already packaged in some distributions.) Then, assuming you have a cross-compiled binary ready to be sent, there’s the issue raised by rtmistler above: many email providers will not let a message containing an executable file pass through them. At best, they will let the message pass but without the attachment; at worst, they will silently discard the message, which will never reach the intended recipient. Then, assuming your message somehow reaches the recipient, there’s the fact that we have spent the last 30 years educating email users not to blindly execute any attachment they receive. Asking your recipients to do just that is a disservice to them. And finally: How could your recipients be sure that this message they received, containing an executable attachment that they are asked to execute, really comes from you? How can you and they be sure that the executable they have received is the one you sent, and that it has not been tampered with in transit to maybe replace it with a virus? What you want to do, the way you want to do it, will most likely not guarantee the confidentiality of your messages, may not even work if your emails are blocked because of the executable attachments, and may jeopardize your recipients’ systems. There are ways to send secure emails, but they all imply that users on both sides have to make some effort. That’s just the way it is. |
Quote:
If you're looking for a way to verify a password that's hardcoded in the .exe without the password being immediately visible in a hex editor, you should store the (salted) hash of the password. The bcrypt.h header contains some useful functions, like BCryptHashData. And here's an example of how one might use it. As gouttegd said above, to hide the message inside the .exe from prying eyes you'll have to encrypt it. And then you'll have a really hard time trying to send it to anyone, unless you put it inside an encrypted and password-protected .zip file. |
Confirm to the contrary if you will:
gouttegd writes a .c program in a text editor with 30 lines of "echo" commands that contain a message. [Password] is a set string in the code. User is prompted for input and if it matches the password, the 30 lines print to screen. Because a .c file is complied, the executable cannot be read. Imagine the executable masked in an archive or linked in the cloud to download instead of attached. Is this rocket science? Quote:
|
Quote:
All the recipient has to do is open the file using Notepad or Wordpad or Word or any text editor. Among a bunch of unreadable gibberish (the actual program code) your message will appear, clear as day. |
Of course anything we can see or hear we can capture, but a specific requirement of this project is no deciphered data file. The encrypted file is o-kay, but it can only be deciphered to screen. It also cannot require installations, accounts or esoteric commands.
Quote:
|
If this is true my memory failed. I thought binary jumbled everything up.
Quote:
|
Quote:
Quote:
Quote:
You have not justified your need for an executable file, and - if you're willing for people to download that file in a browser - you don't need one. (And can avoid a bunch of issues by not using one.) Encryption algorithms can be implemented in JavaScript, thus a single non-cached HTML file containing your encrypted text can probably solve all your requirements. |
Quote:
Quote:
You could just do what most others do; use the widely accepted PGP systems available for pretty much every system, and send your emails that way. Abundant documentation/examples on how to do it, along with plugins for most email systems. |
Quote:
I wouldn't think of trying to write a program if an app met my requirements. There are a lot of sledgehammers out there, but no screw drivers. Anyone with intelligent advice would point me to a screw driver. Goals:
My level of security is modest encryption kept as away from 3rd parties as possible. |
All times are GMT -5. The time now is 08:40 PM. |