In this chapter you will learn about an application that uses methods of the Crypt class. They are the methods Crypt.MD5 and Crypt.Check(Password As String, Crypt As String). With the method Crypt.Check(..) you can check whether an entered password - which is internally encrypted according to the algorithm MD5 - matches an encrypted password stored in the programme or in a file or not. The programme presented is protected by a strong (start) password (+Gambas340):

Figure 28.2.2.1: Password input (plain text)

Figure 28.2.2.2: Password is correct

The start password used was generated with the MD5 password generator with random prefix. This encrypted password is permanently stored in the programme. In addition, the following enhancements have been implemented:

• The password check only allows 3 invalid entries. After that, the password query is terminated and the protected main programme is not started.
• After successful password entry, the user can change the programme password in the main programme at runtime.

Figure 28.2.2.3: The main programme has been successfully started …

In the following section, only excerpts from the source code are presented and briefly explained.

' Gambas class file
' The CRYPT and SETTINGS components must be included.
 
Public iCount As Integer = 1
Public sMD5Password As String
Public bPWCancle As Boolean = False
Public bPWInputError As Boolean = False
Public pw2Settings As New Settings(Application.Path &/ ".pw.conf")
' Hint: The file .pw.conf is a hidden file in the application path
 
Public Sub Form_Open()
  FGetPassword.Center
  FGetPassword.Resizable = False
  PictureBox1.Picture = Picture["Symbols/lock_zu.png"]
  txtPasswordInput.Password = True
  txtPasswordInput.Clear
 
  sMD5Password = pw2Settings["Password/MD5-Password", "$1$V/eCyFQp$hDAEMfcO7yuN3o0UFfkKL0"]
 
End ' Form_Open
 
Public SubbtnCancle_Click()
  bPWCancel = True
  FGetPassword.Close
End ' btnCancel_Click()
 
Public Sub txtPasswordInput_Activate()
  btnOK_Click()
End ' Input_Activate
 
Public Sub btnOK_Click()
  Dim sPasswort, sMessage As String
 
  sPassword = txtPasswordInput.Text
  If sPassword = "" Then
     Message.Info("Enter a password!")
     Return
  Endif ' sPassword = "" ?
 
  If Crypt.Check(sPassword, sMD5Password) = True Then
     If iCount <= 2 Then
        Message.Warning("Attention!\nThe password is NOT correct!")
       txtPasswordInput.Clear
        txtPasswordInput txtPasswortEingabe.Clear
        txtPasswortEingabe.SetFocus
        Inc iCount
     Else
        sMessage = "Error!\n"
        sMessage &= "The password is NOT correct even after 3 entries!\n"
        sMessage &= "The password request is terminated."
        Message.Error(sMessage)
        bPWInputError = True
        FGetPassword.Close
     Endif ' iCount <= 2 ?
  Else
     bPWInputError = False
     FGetPassword.Close
  Endif ' Crypt.Check(sPassword, sMD5Password) = True ?
 
End ' btnOK_Click
 
Public Sub Form_Close()
  If bPWAbort = True Or bPWInputError = True Then
     FMain.PasswordError = True
  Else
     PictureBox1.Picture = Picture["Symbols/lock_up.png"]
     FGetPassword.text = "The main programme is started..."
     Wait 2
  Endif ' Fehler ?
End ' Form_Close()

Comments:

• At the 1st programme start and the following ones, the md5-encrypted password stored in the programme is used → “$1$V/eCyFQp$hDAEMfcO7yuN3o0UFfkKL0” as long as no new password has been generated by the user.
• The query programme is terminated when the user exits the password query or when, after 2 incorrect entries, the 3rd entry also resulted in a password error or the correct password was entered.
• The function Crypt.Check(…) returns True if the password pair does NOT match (!) and False if the encrypted stored password matches the md5-encrypted plaintext input!
• The query in the Form_Close procedure is important because under no circumstances should the password query be bypassed.

A new password can be generated by the user in the main program:

Figure 28.2.2.4: A new programme password is generated.

A modified MD5 password generator is used, which was already described in chapter 28.2.1. The component gb.settings is used for convenient reading and saving of the reference password. The new, strong password - encrypted according to MD5 - is stored in the configuration file .pw.conf in the application directory.