通过存储过程，数据库中存储的密码与原始加密略有不同

Question

I use Delphi 10.4 community edition and Firebird embedded database.

The problem: I usually store the login passwords in an 'user' table encrypted. This is the algorithm I usually use (I know it is not the hardest to crack but this software only for myself so who bothers?)

function Titkositas(Jelszo: string; Code: LongInt): string;
var
  Ciklus: Byte;
begin
  RandSeed := Code;
  Result := '';
  for Ciklus := 1 to Length(Jelszo) do
    Result := Result + Chr(Ord(Jelszo[Ciklus]) xor Random(256));
end;

Once it was encrypted I stored it in the table.

procedure TFrmadmin2.BitBtn5Click(Sender: TObject);
var
  s, s2, m, t, dt, most: string;
begin
  s := '';
  s2 := '';
  m := '';
  t := '';    dt:='';  most:='';
  if trim(edit3.Text) = trim(edit4.Text) then
  begin

    if ((edit1.text <> '') and (edit2.text <> '') and (edit3.text <> '') and (edit4.text <> '')) then
    begin
      if (not TDM1.MenuTrans.InTransaction) then
        TDM1.MenuTrans.StartTransaction;
      try
        with insertuser do
        begin
          prepare;
          begin
            ParamByName('NEV').asString := trim(edit1.Text);
            ParamByName('LOGIN').asString := trim(edit2.Text);
            ParamByName('PASSWD').asString := Titkositas(trim(edit4.text), 123456); //this is it!!!
            listbox1.items.add(Titkositas(trim(edit4.text), 123456));
            ParamByName('JOG').AsInteger := strtoint(trim(edit5.Text));
            dt:=DateTimeToStr(now);

            ParamByname('DATUM').Asstring :=dt;
            execproc;
            if TDM1.MenuTrans.InTransaction then TDM1.MenuTrans.CommitRetaining;
....

So, it worked perfectly in the past, but now I noticed that the encryption does not function properly (or something else). I have not got a clue what the problem could be: So this should be the password after encryption: a÷~D 2¥
But it is stored in the table: a÷~D 2Y Can you see the slight difference? It means when I try to log in it does not work because the password I know was changed through the storing process. I thought it could be because of the character set of the Firebird db I registered. I changed it to Unicode, ISO-1, default but nothing was changed.

I double checked the above code so I printed out the encrypted password in a showmessage which showed proper result and then debugged it from row to row and when it was executed then it still showed the right encrypted characters but then when I checked in the table it was slightly different.

Has anyone got an idea what the problem could be?

Answer 1

XOR-ed string is not a string anymore. It is an array of bytes. You cannot handle it as a string, store as string, etc because for strings the range of valid codes is limited and strings transformations between charsets may be irreversible.