|
|
Title | Give a program a simple one-time password |
Description | This example shows how to give a program a simple one-time password in Visual Basic 6. The program stores the encrypted password in the registry. Later it looks it up and verifies that it correctly encodes the password. |
Keywords | password, cryptography, one-time password |
Categories | Software Engineering |
|
|
When program starts, it looks for the encoded password in the Registry. If it finds a value, it compares it to a desired encoded password stored in the program.
If the two don't match, then the program prompts the user for a password. It encodes that password and sees if it matches the desired value. If it matches, the program saves the encoded password in the Registry.
Finally, if the program has a valid encoded password, it displays the main form. Otherwise it displays an error message.
|
|
' Make sure the user is authorized to run the
' program.
Public Sub main()
' This is the coded form of "thepassword"
Const WANTED_PASSWORD = "uifqbttxpse"
Dim coded_password As String
Dim plain_password As String
' See if the password is in the registry
' already.
coded_password = GetSetting("PasswordChecker", _
"Parameters", "Validation", "")
If coded_password <> WANTED_PASSWORD Then
' The password is not saved. Ask for one.
plain_password = InputBox("Enter password", _
"PasswordChecker", "")
coded_password = Encode(plain_password)
' If the password is correct, save it in
' the registry.
If coded_password = WANTED_PASSWORD Then
SaveSetting "PasswordChecker", _
"Parameters", "Validation", _
coded_password
End If
End If
' See if we got the password.
If coded_password = WANTED_PASSWORD Then
Form1.Show
Else
MsgBox "Invalid password.", vbOK, "Invalid Password"
End If
End Sub
' Encode a text string by adding 1 to each letter.
Private Function Encode(plain_text As String) As String
Dim i As Integer
Dim ch As String
Dim coded_text As String
For i = 1 To Len(plain_text)
ch = Mid$(plain_text, i, 1)
ch = Chr$(Asc(ch) + 1)
If ch > "~" Then ch = " "
coded_text = coded_text & ch
Next i
Encode = coded_text
End Function
|
|
The most important feature of this method is that the unencoded password is not saved in the Registry so the user cannot dig it out. He could find the encoded version and copy it to another computer's Registry but this should be good enough for many applications. You can also make the encoding method depend on the system's serial number or the program's serial number.
|
|
|
|
|
|