locked
Any good password schemes for VB stand-alone Pgms? RRS feed

  • General discussion

  • Has anyone come up with a way to password protect a stand-alone (non-network, non-Web), Visual Basic program?
    • Changed type dahermit Saturday, April 14, 2012 4:24 PM Became G.D.
    Thursday, April 12, 2012 8:10 PM

All replies

  • What are you protecting, access to algorithms, or unofficial distribution, copying from one computer to another (multi-use)? Or do you, literally, want a password to access the application?

    Access to the source code is typically done through an obfsucator - makes the code hard to read.

    Unofficial distribution can be deterred using a private-public key pair, likewise with simply copying the license. You can tie a license to a specific machine by creating a 'challenge' key from known hardware configuration which the customer/user would give you. You would encrypt using a private key, and give them a 'response' key. The response key can be matched to the 'challenge' key using the public key, but the 'response' key can only be created using your private key. Essentially, the 'challenge' key is a digital signature.

    The only sure way is to either have online authentication, or a hardware key.

    As far as passwords go, I'd rely on the windows built-in user authentication.


    Stephen J Whiteley


    • Edited by SJWhiteley Thursday, April 12, 2012 8:37 PM
    Thursday, April 12, 2012 8:36 PM
  • What are you protecting, access to algorithms, or unofficial distribution, copying from one computer to another (multi-use)? Or do you, literally, want a password to access the application?

    Access to the source code is typically done through an obfsucator - makes the code hard to read.

    Unofficial distribution can be deterred using a private-public key pair, likewise with simply copying the license. You can tie a license to a specific machine by creating a 'challenge' key from known hardware configuration which the customer/user would give you. You would encrypt using a private key, and give them a 'response' key. The response key can be matched to the 'challenge' key using the public key, but the 'response' key can only be created using your private key. Essentially, the 'challenge' key is a digital signature.

    The only sure way is to either have online authentication, or a hardware key.

    As far as passwords go, I'd rely on the windows built-in user authentication.


    Stephen J Whiteley


    I am interested a password to keep someone from running the application. I have come up with an incription program that encodes plain text messages before sending, the program being required to unencript messeage when received. I have deceided to run the password through the program code (converted to a function), and stop the program if the password file is either missing or the password does not match the input. I was wondering if anyone else has come up with their own encodeing scheme.

    "...Access to the source code is typically done through an obfsucator - makes the code hard to read..."  I thought that in order to access the source code after being compiled, one must use a decompiler?  Do you mean to say that source code is not very secure?

    Friday, April 13, 2012 2:06 AM
  • Deharmit,

    I'm currious what you try to achieve with this.

    I know it was done like this 25 years ago, but I see seldom anymore professional software which uses their own logon and password. Be also aware that a password should never be decryptable for whatever system engineer, not even if that one is in company. An end user can use one password which he also uses for his bank accounts.  

    Be aware that environment.username does also work on a non Lan Windows computer.

    http://msdn.microsoft.com/en-us/library/system.environment.username.aspx

    (Although I agree with you that if you search in the documentation Microsoft seems to think that stand alone security solutions like for Game computers and Phones are for kids).


    Success
    Cor

    Friday, April 13, 2012 5:28 AM
  • Use a login form which saves the individual settings for a registrated user. You can do this by MySettings.
    For a first start you might need a unlock prcedure but this is another theme.

    Liebe Grüße Stefan | Cheers Stefan I'm using VB 2008 and VB 2010 Express Be a good forum member - mark posts that contain the answers to your questions or those that are helpful. c# in vb Translator: http://www.developerfusion.com/tools/convert/csharp-to-vb/

    Friday, April 13, 2012 6:53 AM
  • "...I'm currious what you try to achieve with this..."

    As a "hobbie".  I have always been fasenated with all things WWII.  Re: The German WWII Enigma Code Machine.  Although there are several encrypting systems that will be much better than what I come up with, just for fun, I have created a code and de-code program that outputs random numbers that have the code embeded, but hopefully, undetectable/unreadable.  Then, it occured to me that, if I put the encoding sceme into a function, I could also encrypt a password also.

    Friday, April 13, 2012 11:32 AM
  • Now it has occured to me that I could just as well encrypt a password and enbed it into the message where it had to exist in order to decrypt the message...It would provide the same level(or better) of security and be more convienient than fooling with a password to use the program.
    Saturday, April 14, 2012 4:10 PM