Checking if a Password exists
Hi I'm trying to create a Login menu with Input Fields. I have a Username and a Password field. The Password is encrypted before with a Sign Up Menu.
The problem is that the password is not being recognized in the Login Menu. I keep getting the Debug ("Password Invalid"). The code below is how it is interpreting the existing password for the user. But I'm not really sure why it's not working.
The Lines array has a Username, Email and Password (hence the [2])
Also, all these txt files are being saved in the Unity Project folder so there isn't a set folder path I've sent the information to yet.
Any ideas would be great, thanks!
    if (Password != "")
    {
        if (System.IO.File.Exists (@Username + ".txt"))
        {
            int i = 1;
            foreach (char c in Lines[2])
            {
                i++;
                char Decrypted = (char)(c / i);
                DecryptedPass += Decrypted.ToString();
            }
            if (Password == DecryptedPass)
            {
                boolPass = true;
            }
            else
            {
                Debug.LogWarning ("Password Invalid");
                passwordText.text = "Password Not Correct";
            }
        }
    }
Answer by Bunny83 · Aug 26, 2017 at 12:56 PM
Well, have you actually started debugging the problem? Are you sure that your method of "encrypting" can actually be reverted? What you do is quite dangerous. You can easily end up with illegal character combinations which might not be able to be stored properly.
Another reason might be that your source string contains additional characters like a new line character.
Usually you would do something like this:
    Debug.Log("EnteredPassword: >" + Password + "< Length: " + Password.Length );
    Debug.Log("DecryptedPassword: >" + DecryptedPass + "< Length: " + DecryptedPass.Length );
right before your if (Password == DecryptedPass) line.
Are you sure that lines[2] is correct? Keep in mind that is the 3rd line. (just read that this is correct, or at least should be correct)
ps: This way of encrypting the password isn't really safe at all. If you store third party passwords (user passwords) like that you most likely do not comply with Information privacy regulations (depending on your country). You can get into real trouble if you handle sensitive user data like that.
It's strongly advised that you use some sort of hash function and a salt. Such a password can't really be decrypted at all. To verify that the password is correct you just apply the same salt and hash function to the text that was entered by the user. If the result is the same, it's the correct password.
@Bunny83 haha wow ok yeah I mean I just followed a random tutorial so I'm new to this. I'll start looking into hash and salt. Flavoring methods aside, I put in the Debug.Log you recommended and got this:
EnteredPassword > 12345678 < Length: 8 UnityEngine.Debug:Log(Object)
DecryptedPassword > $$anonymous$$DA?? > ? < Length: 7 UnityEngine.Debug:Log(Object)
Does this mean that the decryption is only recognizing 7 characters? And the password is incorrect because of it?
Thank you!
You most likely tried to store the "encrypted" string somewhere where it doesn't support unicode. For example writing a char array to a file expects the characters to be ASCII (so a single byte value). However as I said this way of encrypting the password is dangerous. The resulting numeric value could represent a part of a surrogate pair in which case your string might get interpreted as something completely different.
You could use something like this instead:
    public string Crypt(string aText, int aKey)
    {
        aKey = aKey * 0x08088405 + 1;
        var sb = new System.Text.StringBuilder(aText.Length);
        foreach(var c in aText)
        {
            sb.Append((char)(c^(byte)aKey));
            aKey = aKey * 0x08088405 + 1;
        }
        return sb.ToString();
    }
It uses a simple pseudo random number generator (the one used in the programming language Pascal) to produce a seemingly random stream of values. Those values are simply "xor-ed" with the actual characters. Since the value I use to xor is just in the byte range the resulting character is still in the ASCII range. However it's still possible that the resulting char might not be a printable character. Though storing it in a binary file should always work. As key you would simply use any constant integer value. Just make sure you use the same to encode / decode. Since our scramble operation is xor there's actually no difference between encrypting and decrypting.
So this would result in the same string:
    s1 = "some text";
    s2 = Crypt(s1, key); // encrypted
    s3 = Crypt(s2, key); // decrypted. so s1 == s3
Answer by Kishotta · Aug 26, 2017 at 02:37 PM
As bunny said, salted hashes are really the only way you should do this. This Computerphile video should explain why.
While this is true and yes that computerphile vid explains the problem quite well, it doesn't really address the problem in the question -.-