Scratch

Can I just ask why you would want to make a login system with Windows Batch Scripts?

sparks wrote:

Slightly off-topic, how would one go from storing passwords in MD5 to a SHA based one? I can't unencrypt the passwords so the only way I can think if doing it is SHA'ing existing passwords, then MD5ing AND SHA'ing new passwords.

Probably your best bet.

rookwood101 wrote:

Can I just ask why you would want to make a login system with Windows Batch Scripts?

I am making an OS shell.

sparks wrote:

jvvg wrote:

sparks wrote:

Slightly off-topic, how would one go from storing passwords in MD5 to a SHA based one? I can't unencrypt the passwords so the only way I can think if doing it is SHA'ing existing passwords, then MD5ing AND SHA'ing new passwords.

1. MD5 is about as secure as SHA1
2. I think that there are tools to reverse MD5 and SHA1 available (so #1 is not very)

The way you put it, database holders might as well not bother encrypting at all, anyone who downloads this tool will be able to decrypt it, which I really don't think is that case. SHA2 (or SHA3 which is still in development) came out after MD5 and claims to be more secure, resisting a method of decryption called collision detection which MD5 was succeptable to.

Well I think I have found a solution. I found a simple command line program that encrypts text using a password... If you encrypt any text with the code "test", trying to decrypt the text with the code "tset", it will give completely different decrypted text. I can keep the code secure by using a batch file compiler, then compress it with something like UPX. Would that be secure enough for passwords?

rookwood101 wrote:

nathanprocks wrote:

sparks wrote:

The way you put it, database holders might as well not bother encrypting at all, anyone who downloads this tool will be able to decrypt it, which I really don't think is that case. SHA2 (or SHA3 which is still in development) came out after MD5 and claims to be more secure, resisting a method of decryption called collision detection which MD5 was succeptable to.

Well I think I have found a solution. I found a simple command line program that encrypts text using a password... If you encrypt any text with the code "test", trying to decrypt the text with the code "tset", it will give completely different decrypted text. I can keep the code secure by using a batch file compiler, then compress it with something like UPX. Would that be secure enough for passwords?

nonono never use a known string to encrypt passwords, especially if you have to access that password to every decrypt it/compare it with another password. You pretty much HAVE to use a hash, any other way is dangerous really, as the passwords could be found out by someone.

How can I hash strings with the command line?

roijac wrote:

http://www.labtestproject.com/using_win … ws_xp.html?

I want to encrypt a string, not check sum files.