Encrypt & Decrypt password

http://www.schneier.com/resources.html

How secure does the encryption need to be.  The algorithms suggested by ozo, while being very secure, and also very involved.  A very simple, and yet also reasonably secure encryption technique is known as XOR encryption (XOR for the Logical operation Exclusive OR).  The process is completely symmetric, meaning that to Encrypt a value, you XOR the Key with the value to be encrypted, which produces the ENCRYPTED result.  To decrypt the ENCRYPTED value, you again XOR the ENCRYPTED result with the Key, and you get the Original value back again.

AW

perhaps in the sense of
A very simple, and yet also "not excessive or extremely" secure encryption technique

ozo>> depends on how it is implemented.  I used a 'trick', using the Users UserName as the encryption Key, which has the effect of creating a DIFFERENT KEY for every user, and this is very close to using a One-Time Pad, which is UNCRACKABLE.

AW

An uncrackable One-Time Pad requires a *random* key of the same length as the plaintext.
UserName tends not to be very random.

true, but as I said, it is 'very close', since the algorithm is NOT identified as a 'one time pad', and each user does in fact have a UNIQUE user name, and if the username is shorter than the plaintext, I simply concatenate the username as many times as needed to create a key that IS as long as the plain text.

And since someone trying to crack the encryption is not aware of the algorithm in use, cracking it is essentially impossible.

AW

ozo>> also, in the application where I used this, there was only a single field (it happened to be a Creadit Card Number) that needed to be encrypted for each user, so there were not multiple encrypted fields ion play for a potential cracker to try out various algorithms against.

AW

concatenating a key  as many times as needed to create a key that IS as long as the plain text is one of the common misuses of 'one time pad' that have opened the door to many cracks.
I'm sure there are many applications where XORing with a repeating user name is adequate, but Creadit Card Number protection is not one I would count among them.

ozo, I might agree with you in the general case, but the situation was that the application was on a secure PC, in the Pentagon, nn Washington DC, and the PC was NOT accessible from the outside.  So the approach was sufficient for the situation.

AW

Notice that we have been talking to ourselves, and the original asker is nowhere to be found.  Perhaps we should wait until he/she deems it necesary to make himself/herself heard.

AW

sorry guys i did not mean my question will turn into an argument, i just want to know or have a simple routine for encrypting or decrypting user password, i'd seen a routine before, which i can not found right now, i think its name is encryptor?, i tried to consult experts in experts exchange if ever you have this.

sorry again and thanks again.

user passwords are usually hashed with a one way function that cannot be decrypted, only compared to see if you had the right password.
What exactly do you want to do with this routine?
If you are looking for a specific routine, "encryptor" is a pretty common name.
You might try googleing for it and see if you can recognise which one you want.

If you are looking for something simple you can use a Caesar cipher. Use arrays of all the alphabetical characters, number, special characters, etc. For example,

char upper[] = {'A','B','C',......'Z'};
char lower[] = {'a','b','c',.......'z'};
char number[] = {'0','1','2',....'9'};
char special[] = {'@','~','_',.........};

then call encrypt(int key)

char* encrypt(char *theString, int key)
{
   char temp;
   char *output;

   if(theString != NULL)
   {
       for(int i=0; i<theStringLength; i++)
       {
             temp = theString[i];

            if( temp == 'A' || temp == 'B' || ..... || temp == 'Z')
              {

                  for(int j = 0; j<upperLength; j++)
                      {
                          if(temp == punctuation[j])
                             {
                                int ctext = ((j + key)%upperLength);
                                if(ctext < 0) ctext += upperLength;
                                temp = punctuation[ctext];
                                break;
                              }
                      }
              }
     
pretty much do the same thing for all your arrays and then
at the end add each encrypted character to your new array:

    output[i] = temp;

}//end of for loop

return output;
}

The second parameter, int key, is the number that will be used to shuffle around, or number of spaces to move so your decrypt function should use the same key and do the inverse of the encrypt function. Hope it helps.
                   
             

I guess this is what you were looking for? No more questions?

hi! thanks for all ur reply, i found and apply this hashing of password using MD5, http://www.codeguru.com/Cpp/Cpp/algorithms/article.php/c5087 , Implementing MD5 algorithm