Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Password encryption in Delphi

Tags:

passwords

configuration

encryption

delphi

I need to store database passwords in a config file. For obvious reasons, I want to encrypt them (preferably with AES). Does anyone know a Delphi implementation that is easy to introduce into an existing project with > 10,000 lines of historically grown (URGH!) source code?

Clarification: Easy means adding the unit to the project, adding max. 5 lines of code where the config file is read and be done with it. Should not take more than 15 minutes.

Another clarification: The password is needed in order to create a connection to the db, not to support a user management scheme for the application. So using hashes does not help. The db engine checks if the password is valid, not the app.

like image 692
Treb Avatar asked Sep 25 '08 13:09

Treb

3 Answers

I second the recommendation for David Barton's DCPCrypt library. I've used it successfuly in several projects, and it won't take more than 15 minutes after you've read the usage examples. It uses MIT license, so you can use it freely in commercial projects and otherwise. DCPCrypt implements a number of algorithms, including Rijndael, which is AES.

There are many googlable stand-alone (single-unit) implementations too - the question is which one you trust, unless you are prepared to verify the correctedness of a particular library yourself.

like image 69
Marek Jedliński Avatar answered Nov 06 '22 23:11

Marek Jedliński

For typical authentication purposes, you don't need to store the passwords, you only need to check if the password entered by the user is correct. If that's your case then you can just store a hash signature (e.g. MD5) instead and compare it with the signature of the entered password. If the two signatures match the entered password is correct.

Storing encrypted passwords may be dangerous because if someone gets your "master" password they can retrieve passwords of all your users.

If you decide to use MD5 you can use MessageDigest_5.pas which comes with Delphi (at least it's included with my copy of Delphi 2007). There are also other implementations with Delphi source code you can choose from.

like image 26
Ondrej Kelle Avatar answered Nov 06 '22 22:11

Ondrej Kelle

I think Turbopower LockBox is an excellent library for criptography:

http://sourceforge.net/projects/tplockbox/

I don't know if it's too big for your uses but it is very easy to use and you can encrypt a string with 5 lines of code. It is all in the examples.

like image 8
Giacomo Degli Esposti Avatar answered Nov 07 '22 00:11

Giacomo Degli Esposti
Sign in to Comment

Related questions

Including resource file in a project by .RC file rather than .RES file
Access a strict protected property of a Delphi class?
How to define version "and up" ifdefs in Delphi?
How can I allow a form to accept file dropping without handling Windows messages?
Why does "for I := 0to aList.Count-1 do" work with a missing space?
Indy or ICS or ?
Can you remove a published property from a delphi component and not cause errors on the forms where the component is used?
Removing duplicate from TStringList
Delphi IDE Project "Clean"Command -- What does it do?
How can I test private methods with DUnit?
How to use a dll outside of the system path
'23/02/2011 12:34:56' is not valid date and time
Can specific Delphi hints be disabled?
Delphi: How to programmatically adjust visual ordering of components with align = alTop
In Delphi, why does passing a Interface variable sometimes require it to be a const parameter?
What is the universal newline for all operating systems? (LF and CR)
How to check if a process is running using Delphi?
Switch off Delphi range checking for a small portion of code only
Using Delphi data-aware components - pros and cons [closed]
Why can't two TBytes use overlapping data?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!