
Encryption of a password

I've managed to do a simple encryption of a password entered using the following code, which then displays the encrypted password in a label's caption:

procedure TfrmLogin.edtAddPasswordClick(Sender: TObject);
var
  NormalPassword, EncryptedPassword: string;
  PasswordChar: Char;
  EncryptedCharValue: string;
  CharPtr: Integer;
  Ptr, n: Integer;
begin
  NormalPassword := Edit1.text;
  EncryptedPassword := '';
  for CharPtr := 1 to Length(NormalPassword) do
  begin
    PasswordChar := NormalPassword[CharPtr];
    EncryptedCharValue := IntToStr (Ord(PasswordChar) * 5 + 14);
    EncryptedPassword := EncryptedPassword + EncryptedCharValue;
    Label1.Caption := EncryptedPassword;
  end;
end;

The problem is that I would like to convert the encrypted password displayed in Label1.Caption back into its original form on the click of another button, and I can't work out how this could be done. Any suggestions?

Instead of creating your own algorithm to hash (or encrypt) a password, try using a well tested and reliable algorithm like SHA1, MD5, and so on.

Back to your question: to convert the encrypted value to the original, all you must do is reverse your algorithm. Try this sample.

var
  NormalPassword, EncryptedPassword: string;
  PasswordChar: Char;
  EncryptedCharValue: string;
  CharPtr: Integer;
begin
  NormalPassword := '';
  EncryptedPassword := Label1.Caption; // the encrypted password is stored here
  CharPtr := 1;
  // Assumes every character was encoded as exactly three digits,
  // which holds for character codes 18 to 197 (all printable ASCII).
  while CharPtr < Length(EncryptedPassword) do
  begin
    EncryptedCharValue := Copy(EncryptedPassword, CharPtr, 3);
    Inc(CharPtr, 3);
    // Undo the Ord(c) * 5 + 14 step
    PasswordChar := Chr((StrToInt(EncryptedCharValue) - 14) div 5);
    NormalPassword := NormalPassword + PasswordChar;
  end;
  Label2.Caption := NormalPassword;
end;

I know this is for homework and the idea is to get the reversing code, and others are providing you too much detail for that purpose, but I need to give this as an answer because its concept is too important to say in a note:

If you are truly talking about a password, then you must not make the password reversible. Users expect their passwords to be safe and secure and non-reversible.

If the reason why you want to do this is because you want to send them their password if they forget it, then the answer is don't.

When a person loses or forgets their password, you should not provide it back to them, because that proves it is insecure. Instead, the proper thing to do is, after ensuring they are the user who signed up (via email address or other means), then allow them to enter a new password of their choice.

If you're determined to do it the way you've described, you could make it reversible by changing the line:

EncryptedCharValue := IntToStr (Ord(PasswordChar) * 5 + 14);

to

EncryptedCharValue := format('%.4d', [Ord(PasswordChar) * 5 + 14]);

That would allow you later to pull the string apart in four-character chunks, subtract 14, divide by 5, and turn it back into a character. I stand by my earlier comment though - if you actually have a use-case that requires reversible security, use a stronger algorithm, for example as discussed in this question.

[Edit: four chars is clearly more robust]

Your function is a very simple hashing algorithm that cannot be reversed. It does not make sense to store passwords in a way that can be reversed, since it does not add any additional layer of security (unless you use a complicated scheme based on asymmetric crypto).

Simple hash algorithm: How do I hash a string with Delphi?

Hash with secret key algorithm (CRAM, HMAC): HMAC-SHA256 in Delphi
