[Synotic]

Has anyone had to do it before? If so, how do you encrypt the passwords in a PLIST? Thanks

[seb2]

why not use the <a href="http://developer.apple.com/techpubs/macosx/Carbon/securityservices/keychainmanager/Keychain_Manager/index.html" target="_blank">keychain manager</a>?

i've only used it to retrieve passwords, but storing them shouldn't be too hard, either...

[Bwa]

</font><blockquote><font size="1" face="Geneva, Verdana, Arial, sans-serif">quote:</font><hr /><font size="1" face="Geneva, Verdana, Arial, sans-serif">Originally posted by Synotic:
<strong>Has anyone had to do it before? If so, how do you encrypt the passwords in a PLIST? Thanks </strong></font><hr /></blockquote><font size="1" face="Geneva, Verdana, Arial, sans-serif">I usually use the UNIX crypt function. It's a one way algorithm and uses salt. Check `man 3 crypt'

[Angus_D]

Yeah, you'll want to hash them. You can use crypt(), but that only uses the first 8 characters, I think. libcrypto (part of OpenSSL and installed as standard on OS X) might have RC4 and MD5, otherwise I'm sure you can find a freeware library that does them somewhere.

[msykes]

Originally posted by Angus_D:
Yeah, you'll want to hash them. You can use crypt(), but that only uses the first 8 characters, I think. libcrypto (part of OpenSSL and installed as standard on OS X) might have RC4 and MD5, otherwise I'm sure you can find a freeware library that does them somewhere.

Okay, can anybody either give decent instructions on using crypt to store/retrieve passwords (or libcrypto)? Either that, or point to a good tutorial on the web somewhere. I'd also like to do this, and have had trouble finding a decent set of instructions anywhere via google (C specific would be nice, most deal with PHP implementation).

I'd rather do this than keychain, if for no other reason that I think it will be more generally applicable.

Thanks

[smeger]

Here is the man page for libcrypto. You want the 'sha' function to get a hash of a password.

It's pretty self-explanatory.

[msykes]

Originally posted by smeger:
Here is the man page for libcrypto. You want the 'sha' function to get a hash of a password.

It's pretty self-explanatory.

Unfortunately, I'm one of those people who doesn't find man pages self-explanatory. I can encrypt and store a password using SHA1, but how the heck do I get it out?

Anybody?

[hayesk]

Originally posted by msykes:


Unfortunately, I'm one of those people who doesn't find man pages self-explanatory. I can encrypt and store a password using SHA1, but how the heck do I get it out?

Anybody?

You don't get it out. Ever.

When the user types the password (after it has been stored), you use SHA1 on that password, and compare the encrypted value to the encrypted password you stored earlier. If they match, let the user proceed.

[msykes]

Originally posted by hayesk:


You don't get it out. Ever.

When the user types the password (after it has been stored), you use SHA1 on that password, and compare the encrypted value to the encrypted password you stored earlier. If they match, let the user proceed.

Okay, so I guess that means that using SHA1, or associated functions in order to store default password values is, well, not possible?

I'm trying to store the last password value used in the program, to have it available as default the next time the user launches the app.

To the keychain it is then!

[eno]

Originally posted by msykes:
To the keychain it is then!

You should always use the keychain. Users like it.

And if they move machines, they can just take their keychain file with them instead of thousands of pref files for different apps.