home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The World of Computer Software
/
The World of Computer Software.iso
/
pw401.zip
/
PASSWORD.DOC
< prev
next >
Wrap
Text File
|
1992-12-16
|
14KB
|
301 lines
PASSWORD 4.01
(c)1992 Ray Dittmeier
DESCRIPTION
PASSWORD is designed with two main ideas in mind. The
first is that a good password protection program shouldn't
look like a password protection program, and the second is
that even though you can't keep a determined expert out no
matter what you do, you can at least design a feature or two
that will probably keep most folks out, and that will tip
you off if someone has been poking around at your system.
When PASSWORD starts, it gives you a normal-looking but
phony C> prompt. Type in anything but the correct password,
and the program gives a "Bad command or file name" message.
After a specified number (chosen by you) of wrong guesses,
it goes into an endless loop of giving the phony C> prompt,
accepting input, running the disk drive a little (for the
sake of realism), and giving the error message. The only
way out of the loop is to reboot the computer. What we hope
is that the intruder will think something is wrong with the
computer, give up, and go down to the corner bar for a beer.
However, typing in the correct password will cause the
program to display a message telling you the time and date of
the last attempted access, and whether or not the correct
password was entered.
FILES YOU SHOULD HAVE:
1. PASSWORD.EXE--The main program.
2. NEW.EXE--A utility program that allows you to change the
password.
4. PASSWORD.DOC--This documentation file.
The password provided with the program is "hello"
(without the quotation marks). The program is case-
sensitive, meaning that upper case letters and lower case
letters are not interchangeable.
RUNNING THE PROGRAM:
PASSWORD is designed to be run from your AUTOEXEC.BAT
file. Since batch files can be terminated early by hitting
Control-C, PASSWORD should run as early in your AUTOEXEC.BAT
as possible. This will give your intruder less opportunity
to cut it off. Ideally, PASSWORD should be preceeded only
by ECHO OFF (or @ECHO OFF), and by the PATH command if
necessary (discussed below). After displaying the above-
mentioned "last attempted access" information, PASSWORD waits
for you to press any key to continue. This way, you have the
opportunity to read the message and still run subsequent
programs from AUTOEXEC.BAT.
You can include command-line parameters in calling the
program. (Command-line parameters are merely commands you
type after the name of a program at the DOS prompt. For
example, when you type FORMAT A:, the A: is a parameter.)
These parameters allow you to choose certain optional
features. They can be numbers, single letters, and/or a file
name. They can be typed in any order, and must be separated
by spaces. The parameters, and what they do, are:
(any number) : Tells PASSWORD to give the user the given
number of chances to enter the correct password before going
into the endless loop. For example, if you run the program
with
PASSWORD 5
the program will go into the endless loop after the fifth
time something wrong is typed in. Of course, if the right
password is entered before the fifth input, the last access
information is displayed immediately, and the program
proceeds onward from there. If no parameter is given,
PASSWORD gives you, by default, three chances. If 0 (number
zero) is entered, the program will continue to accept input
until the correct password is typed in, no matter how many
times the user tries. (This version of the program, 4.01,
fixes a bug that was present in verson 4.0, which prevented
this option from working properly. It's okay now.)
A : This parameter tells PASSWORD to sound an alarm each
time an incorrect password is entered.
O : This parameter will cause PASSWORD to simulate loading a
different operating system when it starts. You will see
a message that the "The Delta Operating System is being
loaded," with some disk drive activity, and you will see
a different prompt. But the PASSWORD program will still
operate exactly as it should. The idea is, of course, to
try to confuse the intruder.
W : This parameter will cause PASSWORD to execute a warm
boot after the last-allowed incorrect password is entered.
For example, if you're using the program with the default
of allowing three incorrect passwords, W will warm boot
the computer after the third entry. Of course, if you use
0, giving users an unlimited number of guesses, there will
be no warm boot.
The following four parameters affect the screen display
only. The PASSWORD program will still recognize the real
letters you type from the keyboard. These options are
designed to further confuse intruders, but can also be
useful if you're likely to be entering your password with
someone looking over your shoulder.
R : Displays a randomly chosen ASCII character instead of the
actual letter typed from the keyboard. Remember that
some of the ASCII codes, when sent to the screen, will
do things like give you carriage returns, backspaces,
beeps, etc., which may be distracting. So with R, it might
take a bit of extra concentration to get the password
correct.
D : Displays a dot (period) instead of the letter typed.
N : Displays nothing in response to keyboard entry (until
the Enter key is pressed).
B : Clears the screen and displays nothing at all--not even
a cursor.
PASSWORD will recognize only one of the R, P, N, or B choices.
If you enter two or more on your command line, the program will
use the one that comes first. Also, the program does not run
the disk drive or display error messages with N and B.
Any file name (as a parameter):
First, a brief (I hope) explanation.
The program maintains a text file called PLS.COM, which
contains:
1. The current password,
2. The date and time of the last attempted access, and
3. Whether the correct password was given.
The .COM extension in the file name is just in case
an intruder gets in and pulls up a directory listing. He's
not likely to try to look at the file with the "TYPE" command,
since he'll think it's a program; but even if he does for
some weird reason, he'll just see high-ASCII graphics
characters because the file's encrypted--hopefully giving the
appearance of an authentic .COM file.
Obviously, PLS.COM will be read from, and written to,
every time you start your computer. But it was brought to
my attention by a user of an earlier version of PASSWORD that
his virus-detection program sounds an alarm every time an
.EXE or .COM file is modified. Not a big deal. In this case,
I like the idea (thus the A option described above). But it
occurs to me that modifying a .COM file could be a real
problem with other virus-detection schemes.
So I've provided the possibility to have PASSWORD use a
name other than PLS.COM for its text file. Simply enter the
new name you want to use for the text file as a command-line
parameter, and PASSWORD will use that name instead. This
file doesn't have to be in the same subdirectory with PASSWORD;
if you don't want it there, specify the full subdirectory name
or make sure it's in a subdirectory included in your PATH
command.
If you use this feature, please make sure to do two
things:
1. Make absolutely sure that the new name you use isn't the
name of a file that already exists. Otherwise, PASSWORD
won't work correctly, and you'll destroy the already-
existing file that has that name.
2. Test-run PASSWORD after you set it up to use the new file
name. If you've make a mistake in typing in the new file
name, PASSWORD will display the error message "Illegal
file name for PASSWORD data file." In this case, the
problem is probably one of two things. Either you've
used an illegal file name (consult your DOS manual for
guidelines on legal file names), or you've specified a
subdirectory that doesn't exist on your system.
EXAMPLES
PASSWORD A R 4
will run PASSWORD with the alarm option, have it display random
ASCII characters, and give the user four chances to enter the
correct password.
PASSWORD O 0 C:\DOS\SAMPLE.TXT
will run password with the simulation of another operating system,
give the user an unlimited number of chances to enter the correct
password, and use a file called SAMPLE.TXT (located in the
subdirectory C:\DOS) instead of PLS.COM.
PASSWORD N B
will run password with the N parameter option only--it can't run
both N and B, and N appears first on the command line.
PASSWORD O B
This is one I particularly like. It gives the simulation of the
other operating system, leaving the "Delta" message at the top of
the screen, but gives no prompt or cursor. It gives the appearance
that loading Delta locked up the machine.
OTHER FEATURES
If someone who shouldn't know the password is looking
over your shoulder, you can type the word DOTS (in upper
or lower case). You will then get another fake C> prompt
(or fake Delta prompt), and all further input will appear
on the screen as periods, just as it does with the P parameter.
The program will not count your entry of DOTS in determining
when to enter the endless loop. This feature is included
because running PASSWORD from AUTOEXEC.BAT with the P option
would give the periods every time the computer starts. Some
users might only want the dots occasionally.
I named PASSWORD and NEW as I did to make them easy for
you to identify. However, this will, at least in the case
of PASSWORD, make identification easy for the intruder also,
should he happen to get in. You may want to rename them to
something less obvious. If you do, though, keep in mind
that they must have the .EXE extension in order to run.
Also, you can place each file in a different directory.
If you do this, be sure of two things about your AUTOEXEC.BAT
file: (1) PLS.COM (or the renamed version) is in a directory
listed in the PATH command, and (2) the PATH command comes
before the call to PASSWORD.
CHANGING THE PASSWORD
To change the password, I've provided NEW.EXE. It,
too, starts with the phony C> prompt. Enter the current
password, and the program then prompts you to type in your
new password. The new password can be up to 200 characters
long and can include any character that can be typed on the
keyboard, including spaces (NEW will accept the Escape key
and the combination of Control + a letter as part of the
password, but PASSWORD will not accept these keys, so don't
use them.). NEW then replaces the old password in PLS.COM
with an encrypted version of the new one. The last access
information contained in the file is preserved. If, at the
phony C> prompt, you enter the wrong password, or if NEW
can't find PLS.COM, the program harmlessly goes back to DOS.
A FEW OTHER NOTES:
If PLS.COM isn't present (such as the first time you
run the program, or if something happens to erase it),
PASSWORD will create a new one. The only way you will know
this has happened will be if you are sure you have entered
the correct password but are still denied access. In this
case, the password will be "hello."
When PASSWORD creates a new PLS.COM, it will be in the
same subdirectory as the program itself, unless you've
specified a different subdirectory with the "rename PLS.COM"
option described above.
After entering the correct password, keep in mind that
if the message indicates the password was not given, this still
doesn't mean the intruder didn't get in. He may have figured
out that he was dealing with some kind of security system and
rebooted with a floppy disk in drive A. Of course, PASSWORD has
no way of knowing if this happens, but if the intruder starts out
by trying to boot off the hard drive (and that's the most likely
thing he'd do), you'll at least know someone was there. A hedge
against this would be to include PASSWORD in the AUTOEXEC.BAT of
each of your bootable floppy disks (The password program doesn't
have to be on the disk; just specify C: and the path in the line
that calls it). This way, the intruder will have to bring his own
disk in order to avoid PASSWORD.
I was careful to design PASSWORD so that it would run
smoothly if used correctly, and I'm sure I succeeded.
Further, the possibility of disaster is, to the best of my
knowledge, nonexistent, because you can always bypass
PASSWORD by booting off drive A. However, since this is a
harsh and unpredictable world, and since I've seen people do
many weird and impossible things on computers, I feel it's
prudent to disclaim responsibility for any disasters that may
result from the use of this software. I'm happy to help
with whatever problems I can, but don't send me a bill for
a new computer.
Finally, I'm distributing this as shareware. Feel free
to copy it and pass it around; just be sure to keep all the
files together. If you use and like PASSWORD, please
register it for $12.00, and I'll send you a disk with more
programs. Also, I'd like to receive any comments,
criticisms, or suggestions you may have, and I'll be glad to
answer questions. Send all correspondence to:
Ray Dittmeier
P.O. Box 4724
Louisville, Ky. 40204
E-mail can be sent on GEnie to R.DITTMEIER, or on CompuServe to
71650,1214.