Encrypt Password - Decrypt same

Alex Tweedly alex at tweedly.net
Mon Nov 29 17:36:34 EST 2004 

At 13:31 29/11/2004 -0800, Jan Schenkel wrote:

>--- Steve Bonham <sbonham at georgiasouthern.edu> wrote:
> > I'm using DreamCard 2.5.
> >
> > Steve
> >
>
>On the runrev.com website you cn find the differences
>between Dreamcard and the other Revolution editions :
><http://www.runrev.com/section/platform.php>
>
>When I opened the documentation to find more
>information for the 'encrypt' command, I noticed at
>the bottom of the text that it "is part of the SSL &
>Encryption library"
>
>So it could be that 'encrypt' doesn't work inside
>Dreamcard --

Definitely the case - on http://revolution.runrev.com/section/whats_new.php 
it says
>Industrial strength encryption
>Encrypt and decrypt data for all commerce and secure applications using 
>industrial strength encryption (Revolution only).
so it's pretty clear that it would not be supported in Dreamcard (and 
certainly it never returns any value for me, in Dreamcard).

>however, you can sue a simple 'compress'
>/ 'decompress' pair as a subsitute codec :
>--
>put compress(field "password") into \
>     URL "binfile:password.bin"
>--
>put decompress(URL "binfile:password.bin") into \
>     field "password"

Or, since you never need to retrieve the password, but merely ensure that 
it has been reproduced ....

put binarydecode("H32", md5Digest(field "password" & "my secret string"), 
myVar)
put myVar into URL "file:password.hex"

and subsequently
put URL "file:password.hex" into correctValue
put binarydecode("H32", md5Digest(field "password" & "my secret string"), 
myVar)
if myVar <> correctValue then
    .... password is wrong ...
end if


>It's always a good idea to include an md5digest in
>your  file to make sure nobody has tinkered it.

Yep. I'd go with that too, just to be extra sure no-one has tinkered with 
it improperly.


BTW - if you are using Dreamcard, do you plan to distribute the stack with 
the player ?
Dreamcard won't allow you to build standalones.  If you distribute the 
stack, you'll need to be careful about password protecting the stack - raw 
stacks can be easily read in any "text" editor which could make your 
password mechanism too clear to the enterprising student.

-- Alex.

More information about the use-livecode mailing list