The idea is to not give hackers extra information. If you say wrong password, you’ve told a hacker that they have a correct username, and vice-versa. Although what you’ve said is true, on some sites it is possible to determine if you’ve guessed a username via other means.
Leave the password as the user entered it. You should never change silently a field put by a user, overall a password.
Take a look at DotNetZip (@AFract supplied a new link to GitHub in the comments) It has got pretty geat documentation and it also allow you to load the dll at runtime as an embeded file.
git svn uses SVN commands directly and thus the internally saved password of SVN. Run the command: svn checkout –username user –password pass svn://server/repo and let SVN remember your password. If this does not work remove the saved SVN authentications: $HOME/.subversion/auth/svn.simple/* Then git svn clone will prompt you for the password.
Here are the character sets that Steve Gibson uses for his “Perfect Paper Password” system. They are “characters to allow” rather than “characters to avoid”, but they seem pretty reasonable for what you want: A standard set of 64 characters !#%+23456789:=?@ABCDEFGHJKLMNPRS TUVWXYZabcdefghijkmnopqrstuvwxyz A larger set of 88 characters !”#$%&'()*+,-./23456789:;<=>?@ABCDEFGHJKLMNO PRSTUVWXYZ[\]^_abcdefghijkmnopqrstuvwxyz{|}~ For pronounceable passwords, I’m not … Read more
Never hard-code passwords into your code. This was brought up recently in the Top 25 Most Dangerous Programming Mistakes Hard-coding a secret account and password into your software is extremely convenient — for skilled reverse engineers. If the password is the same across all your software, then every customer becomes vulnerable when that password inevitably … Read more
The sanctified method is to use CryptoAPI and the Data Protection APIs. To encrypt, use something like this (C++): DATA_BLOB blobIn, blobOut; blobIn.pbData=(BYTE*)data; blobIn.cbData=wcslen(data)*sizeof(WCHAR); CryptProtectData(&blobIn, description, NULL, NULL, NULL, CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN, &blobOut); _encrypted=blobOut.pbData; _length=blobOut.cbData; Decryption is the opposite: DATA_BLOB blobIn, blobOut; blobIn.pbData=const_cast<BYTE*>(data); blobIn.cbData=length; CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blobOut); std::wstring _decrypted; _decrypted.assign((LPCWSTR)blobOut.pbData,(LPCWSTR)blobOut.pbData+blobOut.cbData/sizeof(WCHAR)); If … Read more
You are right in that a password is only secure if it is obscure. But the “obsure” part of “security through obscurity” refers to obscurity of the system. With passwords, the system is completely open — you know the exact method that is used to unlock it, but the key, which is not part of … Read more