LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-15-2021, 05:18 PM   #1
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Rep: Reputation: Disabled
Question password template routine in C (novice)


Is there a password template routine in C that a complete novice can use for a message?

Pseudocode

BEGIN
Prompt "Password:"
correct password = > print message
ELSE print string "Try again."
ENDIF
END


I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work.
 
Old 04-15-2021, 07:31 PM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,316
Blog Entries: 13

Rep: Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372Reputation: 4372
Quote:
Originally Posted by JASlinux View Post
Is there a password template routine in C that a complete novice can use for a message?

Pseudocode

BEGIN
Prompt "Password:"
correct password = > print message
ELSE print string "Try again."
ENDIF
END


I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work.
Suggest you perform a search for password libraries github seems to have quite a few.

By the way, most email systems will disallow EXE files.
 
Old 04-17-2021, 09:36 AM   #3
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,490

Rep: Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532Reputation: 5532
Quote:
Originally Posted by JASlinux View Post
I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work.
A windows executable is definitely an esoteric command (for passwords) on linux. You can only send messages using some kind of software, so I do not really understand these requirements.
By the way, what kind of OS, environment is it?
 
Old 04-18-2021, 07:04 AM   #4
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
A windows executable is definitely an esoteric command (for passwords) on linux. You can only send messages using some kind of software, so I do not really understand these requirements.
By the way, what kind of OS, environment is it?
I want the program to work in Windows.
I'm in Linux.

I don't know if Windows has any open source compilers available.
Maybe the source code is different, but

it's a very basic program:

prompt for a password
match => print an internal message to screen

I can use either os if they have different coding requirements.

I don't write programs, so I don't know how to prompt for a password.
 
Old 04-18-2021, 08:52 AM   #5
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,616
Blog Entries: 11

Rep: Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655
Write your message and save as plain text, then zip the file using zip's password encryption option... user unzips using the password and opens the file... no software not normally found on their end, no hassles.
 
Old 04-18-2021, 09:51 AM   #6
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by astrogeek View Post
Write your message and save as plain text, then zip the file using zip's password encryption option... user unzips using the password and opens the file... no software not normally found on their end, no hassles.
I very specifically want an encrypted message that requires no installations or actions on part of the recipient beyond clicking on the executable and entering a password, AND I do not want an automatically deciphered output file (of course anything can be captured deliberately) - just a message on screen.
 
Old 04-18-2021, 11:39 AM   #7
gouttegd
Member
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 68

Rep: Reputation: 123Reputation: 123
What is your threat model? Who should not be able to read those private messages?

The pseudocode you are suggesting is absolutely not secure: Just because your hypothetical program does not print the message unless the correct password has been entered, it will not prevent anyone from getting the message just by looking inside the program file itself. No sophisticated tools would even be required to do that: a standard tool like strings(1) would be enough. To have some security, the message would need to be stored encrypted within the program. But that raises the difficulty significantly.

Then, even assuming you can write such a program, since you are on Linux and you want the program to run on Windows, you need to cross-compile it. Doyou have a cross-compiler targeting Windows on your Linux system? If not, do you know how to get one? (Hint: look for mingw32; itís already packaged in some distributions.)

Then, assuming you have a cross-compiled binary ready to be sent, thereís the issue raised by rtmistler above: many email providers will not let a message containing an executable file pass through them. At best, they will let the message pass but without the attachment; at worst, they will silently discard the message, which will never reach the intended recipient.

Then, assuming your message somehow reaches the recipient, thereís the fact that we have spent the last 30 years educating email users not to blindly execute any attachment they receive. Asking your recipients to do just that is a disservice to them.

And finally: How could your recipients be sure that this message they received, containing an executable attachment that they are asked to execute, really comes from you? How can you and they be sure that the executable they have received is the one you sent, and that it has not been tampered with in transit to maybe replace it with a virus?

What you want to do, the way you want to do it, will most likely not guarantee the confidentiality of your messages, may not even work if your emails are blocked because of the executable attachments, and may jeopardize your recipientsí systems.

There are ways to send secure emails, but they all imply that users on both sides have to make some effort. Thatís just the way it is.
 
1 members found this post helpful.
Old 04-18-2021, 12:26 PM   #8
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,063

Rep: Reputation: Disabled
Quote:
Originally Posted by JASlinux View Post
I very specifically want an encrypted message that requires no installations or actions on part of the recipient beyond clicking on the executable and entering a password, AND I do not want an automatically deciphered output file (of course anything can be captured deliberately) - just a message on screen.
I have to say this sounds a tiny bit like homework, but anyway:

If you're looking for a way to verify a password that's hardcoded in the .exe without the password being immediately visible in a hex editor, you should store the (salted) hash of the password. The bcrypt.h header contains some useful functions, like BCryptHashData. And here's an example of how one might use it.

As gouttegd said above, to hide the message inside the .exe from prying eyes you'll have to encrypt it. And then you'll have a really hard time trying to send it to anyone, unless you put it inside an encrypted and password-protected .zip file.

Last edited by Ser Olmy; 04-18-2021 at 12:51 PM.
 
1 members found this post helpful.
Old 04-22-2021, 10:19 AM   #9
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
Confirm to the contrary if you will:

gouttegd writes a .c program in a text editor with 30 lines of "echo" commands that contain a message. [Password] is a set string in the code. User is prompted for input and if it matches the password, the 30 lines print to screen.

Because a .c file is complied, the executable cannot be read.

Imagine the executable masked in an archive or linked in the cloud to download instead of attached.

Is this rocket science?

Quote:
Originally Posted by gouttegd View Post
What is your threat model? Who should not be able to read those private messages?

The pseudocode you are suggesting is absolutely not secure: Just because your hypothetical program does not print the message unless the correct password has been entered, it will not prevent anyone from getting the message just by looking inside the program file itself. No sophisticated tools would even be required to do that: a standard tool like strings(1) would be enough. To have some security, the message would need to be stored encrypted within the program. But that raises the difficulty significantly.
 
Old 04-22-2021, 10:25 AM   #10
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,063

Rep: Reputation: Disabled
Quote:
Originally Posted by JASlinux View Post
Because a .c file is complied, the executable cannot be read.
That's where you're wrong.

All the recipient has to do is open the file using Notepad or Wordpad or Word or any text editor. Among a bunch of unreadable gibberish (the actual program code) your message will appear, clear as day.
 
Old 04-22-2021, 10:27 AM   #11
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
Of course anything we can see or hear we can capture, but a specific requirement of this project is no deciphered data file. The encrypted file is o-kay, but it can only be deciphered to screen. It also cannot require installations, accounts or esoteric commands.

Quote:
Originally Posted by astrogeek View Post
Write your message and save as plain text, then zip the file using zip's password encryption option... user unzips using the password and opens the file... no software not normally found on their end, no hassles.
 
Old 04-22-2021, 10:31 AM   #12
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
If this is true my memory failed. I thought binary jumbled everything up.

Quote:
Originally Posted by Ser Olmy View Post
That's where you're wrong.

All the recipient has to do is open the file using Notepad or Wordpad or Word or any text editor. Among a bunch of unreadable gibberish (the actual program code) your message will appear, clear as day.
 
Old 04-22-2021, 12:10 PM   #13
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 1,339

Rep: Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132Reputation: 1132
Quote:
Originally Posted by JASlinux View Post
[Password] is a set string in the code. User is prompted for input and if it matches the password, the 30 lines print to screen.
If that's your level of understanding, stop trying to create your own tool: you need to re-use existing proven tools or you will almost certainly not achieve your desired level of security.


Quote:
Originally Posted by JASlinux View Post
I very specifically want an encrypted message that requires no installations or actions on part of the recipient beyond clicking on the executable and entering a password, AND I do not want an automatically deciphered output file (of course anything can be captured deliberately) - just a message on screen.
Quote:
Originally Posted by JASlinux View Post
Imagine the executable masked in an archive or linked in the cloud to download instead of attached.
(Where "the cloud" is nothing more than someone else's computer.)

You have not justified your need for an executable file, and - if you're willing for people to download that file in a browser - you don't need one. (And can avoid a bunch of issues by not using one.)

Encryption algorithms can be implemented in JavaScript, thus a single non-cached HTML file containing your encrypted text can probably solve all your requirements.

 
1 members found this post helpful.
Old 04-22-2021, 12:26 PM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 23,810

Rep: Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974Reputation: 6974
Quote:
Originally Posted by JASlinux View Post
Is there a password template routine in C that a complete novice can use for a message?

Pseudocode

BEGIN
Prompt "Password:"
correct password = > print message
ELSE print string "Try again."
ENDIF
END

I need to send private messages without software, installations, or esoteric commands. A complied C executable for Windows to download or e-mail would work.
So this sounds very much like a standard XY problem. Think about what you just wrote here, because:
  • You don't want software....
  • ...but you want an executable (which is software, isn't it?)....
  • ...that you don't have to install (how else would you run it??)...
  • ...and you don't want to use esoteric commands (which would be anything non-standard on the system, including this magic executable that you don't install or run)
Sound about right??? And then you add:
Quote:
Originally Posted by JASlinux
I very specifically want an encrypted message that requires no installations or actions on part of the recipient beyond clicking on the executable and entering a password, AND I do not want an automatically deciphered output file (of course anything can be captured deliberately) - just a message on screen.
So you *DO* want them to install the executable by double-clicking it...yet 99.X% of email systems won't let the EXE through, since it'll be flagged as a virus.

You could just do what most others do; use the widely accepted PGP systems available for pretty much every system, and send your emails that way. Abundant documentation/examples on how to do it, along with plugins for most email systems.
 
Old 04-23-2021, 02:26 AM   #15
JASlinux
Member
 
Registered: Oct 2020
Posts: 95

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by boughtonp View Post
If that's your level of understanding, stop trying to create your own tool: you need to re-use existing proven tools or you will almost certainly not achieve your desired level of security.
What you quoted is not a level of understanding, but a function. It's the real world, not computer science. Success is when the goal is ethically achieved, not adherance to a technical standard.

I wouldn't think of trying to write a program if an app met my requirements. There are a lot of sledgehammers out there, but no screw drivers. Anyone with intelligent advice would point me to a screw driver.

Goals:
  • a password-encrypted message
  • no automatically saved deciphered file output
  • no recipient installations, exotic command lines, services & very little recipient thought (Windows recipient, Linux or Windows sender)

My level of security is modest encryption kept as away from 3rd parties as possible.
 
  


Reply

Tags
encryption, messaging, passwords


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Since my last routine update monitor shuts down after entering user name & password kaikhoeta Linux - Software 4 03-13-2014 12:18 PM
Resume creator - export options : template vs non-template approach vharishankar Programming 1 12-07-2011 11:11 PM
from django.template import Template, gives output firedancer Linux - Newbie 0 11-30-2007 02:08 PM
Template class with a template member... Nicholas Bishop Programming 3 02-21-2005 08:27 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 12:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration