NetNews Usenet Archive 1993 #3

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1993 #3 / NN_1993_3.iso / spool / comp / sys / mac / hypercar / 4923 < prev next >

Wrap

Text File | 1993-01-25 | 3.8 KB | 106 lines

Newsgroups: comp.sys.mac.hypercard Path: sparky!uunet!cs.utexas.edu!hellgate.utah.edu!lanl!davids From: davids@gardener.lanl.gov (David G. Simmons) Subject: Re: Hide text strings in a stack? Message-ID: <1993Jan25.154430.19460@newshost.lanl.gov> Originator: davids@feynman.lanl.gov Sender: news@newshost.lanl.gov Organization: Los Alamos National Laboratory References: <B0aoXB3w165w@bbs.draco.bison.mb.ca> <1BRRXB9w165w@bbs.draco.bison.mb.ca> Date: Mon, 25 Jan 1993 15:44:30 GMT Lines: 93 In article <1BRRXB9w165w@bbs.draco.bison.mb.ca>, grub@bbs.draco.bison.mb.ca (Gordon Grieder) writes: |> |> In a message written on 19 Jan 93 22:42:28 GMT, broun@apple.com (Kevin |> Broun) writes: |> > |> > I'm using the Mount XCMD to mount a password-protected AppleShare server |> > volume. Can anybody out there recommend a relatively secure way to hide |> > a |> > couple of short text strings (username & password) somewhere in a stack |> > (maybe encrypted somehow or in a resource), where they can be retrieved |> > by |> > a script that would then call the Mount XCMD? |> > |> > Just putting the strings in a script and using "Protect Stack" isn't |> > sufficient since many word processors can just open up the data fork of |> > the |> > stack and see the scripts... Thanks for your help! |> |> a simple chaaracter shift system should keep out most prying eyes; |> ie- A=C B=D C=E.... |> |> thus ECV=CAT |> |> (or try using ROT-13 ;-) |> |> |> Keep in mind that no simple system such as this would keep out even a mildy |> skilled hack. Hypercard wasn't designed with top-notch security in mind. |> I though that generating a random number to add into the mix would keep out most prying eyes, something like this (though it is not tested, and being made up right here on the spot...) function encode passwd put random(50) into item 1 of passW repeat with x = 1 to the number of chars in passwd put numtochar(chartonum(char x of passwd) + item 1 of passW) into char x of item 2 of passW end repeat return passW end encode function decode passwd repeat with x = 1 to the number of chars in item 2 of passwd put numtochar(chartonum(char x of item 2 of passwd) - item 2 of passwd) into char x of item 2 of passwd end repeat return item 2 of passwd end decode By using CompileIt! to compile these two functions into XFCNs (they are less than 10 lines each, so the FREE demo version of CompileIt! could be used), prying eyens would not be able to see the encoding, or decoding scheme used. even adding or subtracting a constant inside the function would obfuscate even further, since any pryer could only see the returned random value, and not the additional coinstant that would be needed to decode the password. It might take some additional tweaking, so that the numtochar() function did not make the resultant character an impossible result for a char, but other than that, it *should* work. Que no? Then all you have to do is... on EnterpassWord ask password "Enter your passsord:" if it is not empty then put it into temp ask password "Once more for verification:" if it = temp then put encode(it) into fld "StorePass" else exit enterpassWord end if end EnterpassWord on exitPassword ask password "Enter your Password:" if it is not empty then put decode(it) into decoded if decoded <> fld "storePass" then answer "Nice try Hack!" end exitPassword Anyway, none of this is tested (it hasn't even been near a mac!), so your mileage will ceratinly vary. I think it will work, and in fact am going over to add it to a stack I'm working on, and have been looking for a "security system" for anyway. I'll let you all kknow the results. -- David G. Simmons "New Mexico...Land of the flea, davids@lanl.gov Home of the Plague..." -- David G. Simmons "New Mexico...Land of the flea, davids@lanl.gov Home of the Plague..."