Recent Posts

21
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by AIR on December 31, 2019, 05:35:39 PM »
Quote from: JaliH
It just needs to store username, randomly generated hash and encrypted password for user.

The encrypted password is supposed to be created using the randomly generated hash to 'salt' the password generation AND the resulting check, with the hash being retrieved along with the encrypted password from the DB in order to perform the verification.

The Scriptbasic version is missing this....

AIR.
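
The scheme AIR describes above (a random per-user salt stored next to the hashed password and fetched again at login), sketched in Python with sqlite3 as suggested elsewhere in the thread. This is an added example, not code from any poster; the table layout, function names, iteration count and the choice of PBKDF2-HMAC-SHA256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 100_000  # assumed work factor, stored per row so it can be raised later


def open_db(path=":memory:"):
    """Open the account database; each row holds username, salt and hash."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS users ("
        "username TEXT PRIMARY KEY, salt BLOB NOT NULL, "
        "iterations INTEGER NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def derive(password, salt, iterations):
    """Salted, iterated hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_user(db, username, password):
    """Account creation lives outside the login dialog, as agreed in the thread."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    db.execute(
        "INSERT INTO users (username, salt, iterations, pw_hash) VALUES (?, ?, ?, ?)",
        (username, salt, ITERATIONS, derive(password, salt, ITERATIONS)),
    )
    db.commit()


def verify(db, username, password):
    """Fetch the user's salt with the stored hash, re-derive, compare."""
    row = db.execute(
        "SELECT salt, iterations, pw_hash FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None or not password:
        return False
    salt, iterations, stored = row
    # Compare derived bytes in constant time; the plain text is never stored.
    return hmac.compare_digest(derive(password, salt, iterations), stored)


if __name__ == "__main__":
    db = open_db()
    create_user(db, "guest", "example-password")  # constructed sample account
    print(verify(db, "guest", "example-password"), verify(db, "guest", "wrong"))
```

Because the salt is generated per account, two users who pick the same password end up with different stored hashes.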
22
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by John on December 31, 2019, 02:27:55 PM »
I posted an updated ScriptBasic version on Raspberry BASIC that supports a database with encrypted (MD5) passwords.
23
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by jalih on December 30, 2019, 11:15:42 PM »
Quote from: AIR
You can do that, or do as I did and model your logon app after a system logon screen, which doesn't allow the creation of a new account at that screen.

I think that is fine! Let's keep the account creation dialog out of this challenge. You can use whatever method is available to create the user account database. It just needs to store username, randomly generated hash and encrypted password for user.
24
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by AIR on December 30, 2019, 09:35:48 PM »
You can do that, or do as I did and model your logon app after a system logon screen, which doesn't allow the creation of a new account at that screen.
25
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by John on December 30, 2019, 07:39:09 PM »
That would mean you would also need to create a new account dialog as well.

The easy way is to add a New Account checkbox and what's entered would be added to the SQLite database with an encrypted password.
26
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by AIR on December 30, 2019, 04:20:50 PM »
How would we implement the salt, as a static-applies-to-all variable, or a unique salt for each encrypted password that is generated?

If we do this, we need to agree that simply stuffing the password in plain text into the DB is not acceptable; it has to be the encrypted version of the password, and the comparison/check has to be against the encrypted version, not the plain text, and finally that hard-coding the passwords within the code, encrypted or not, is not allowed.


For the DB portion, a full RDBMS is overkill; I would use sqlite3 for this.

AIR.
27
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by jalih on December 30, 2019, 12:42:03 PM »
Quote from: John
Jalih,

It would be great if you could join the Raspberry BASIC forum and participate there. I would like to migrate this AllBASIC thread to that forum and give other topics here a chance to flourish.

Okay, I will join...  ;D

One additional improvement for this login dialog challenge would be to use a database for storing username, encrypted password and salt.
28
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by John on December 30, 2019, 12:35:49 PM »
Jalih,

It would be great if you could join the Raspberry BASIC forum and participate there. I would like to migrate this AllBASIC thread to that forum and give other topics here a chance to flourish.
29
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by jalih on December 30, 2019, 12:22:54 PM »
Here is an updated 8th login dialog. Added a toggle control for the show password option. Tab and enter keys now work as expected. It also now uses an encrypted password instead of storing it as plain text.

I didn't find a way to change the edit control's "password-char" property after it's created, so I am removing and adding child controls on the fly... I also wrote an alternator word called next-state that gives a different state on every call. It works very nicely with the toggle control's click event...

Code:
requires gui

{ guest: ` "2aab261fa05fbb817f5a2cba6511789632472561c04c82db1c4f7b0d7068f893" b:>hex ` } constant password

defer: auth

{
  kind: "edit",
  bounds: "edit1.left, lbl2.top, parent.width-20, top+24",
  name: "edit2",
  max-text: 32,
  password-char: "*",
  return-pressed: ' auth ,
  text-changed: ( "lbl0" g:child "" g:text drop )
} g:new constant edit2-hide-passwd

{
  kind: "edit",
  bounds: "edit1.left, lbl2.top, parent.width-20, top+24",
  name: "edit2",
  max-text: 32,
  password-char: "",
  return-pressed: ' auth ,
  text-changed: ( "lbl0" g:child "" g:text drop )
} g:new constant edit2-show-passwd

: alternator \ a -- a[0]
  a:shift dup >r
  a:push drop r> ;

[ ` edit2-show-passwd ` , ` edit2-hide-passwd ` ] ' alternator curry: next-state

: authenticate
  "edit1" g:child g:text? password swap m:@ nip null? if
    drop
    "lbl0" g:child
    "User not found!" g:text drop
  else
    swap
    "edit2" g:child g:text? s:len 0 n:= if
       drop false
     else
       "salty8thtears" 10000 cr:genkey rot b:=
     then if
       "Authenticated!" . cr
       bye
     else
       "lbl0" g:child
       "User and password don't match!" g:text drop
     then
  then ;

' authenticate w:is auth

{
  kind: "win",
  buttons: 5,
  native-title-bar: false,
  title: "Login",
  wide: 520,
  high: 220,
  resizable: false,
  center: true,
  children:
  [
    {
      kind: "box",
      name: "frame",
      bounds: "0, 0, parent.width, parent.height",
      bg: "gray",
      children:
      [
        {
          kind: "image",
          bounds: "parent.left+10, parent.top+10, left+128, top+128",
          img: "8thlogo.png",
          name: "logo"
        },
        {
          kind: "label",
          fg: "red",
          font: 20,
          label: "",
          bounds: "logo.right+20, parent.top+10, parent.width-10, top+24 ",
          justify: ["hcenter"],
          name: "lbl0"
        },
        {
          kind: "label",
          label: "Username:",
          bounds: "logo.right+20, lbl0.bottom+20, left+80, top+24 ",
          name: "lbl1"
        },
        {
          kind: "edit",
          bounds: "lbl1.right+10, lbl1.top, parent.width-20, top+24",
          name: "edit1",
          max-text: 32,
          return-pressed: ( "edit2" g:child g:focus drop ),
          text-changed: ( "lbl0" g:child "" g:text drop )
        },
        {
          kind: "label",
          label: "Password:",
          bounds: "lbl1.left, lbl1.bottom+10, left+80, top+24",
          name: "lbl2"
        },
        {
          kind: "edit",
          bounds: "edit1.left, lbl2.top, parent.width-20, top+24",
          name: "edit2",
          max-text: 32,
          password-char: "*",
          return-pressed: ' authenticate ,
          text-changed: ( "lbl0" g:child "" g:text drop )
        },
        {
          kind: "toggle",
          label: "Show password",
          adjustwidth: true,
          bounds: "edit1.left, lbl2.bottom+20, left+100, top+24",
          name: "toggle",
          click: ( "edit2" g:child g:text? >r "frame" g:child "edit2" g:-child next-state g:+child "edit2" g:child r> g:text drop )
        },
        {
          kind: "btn",
          label: "Login",
          bg: "darkgray",
          bounds: "lbl2.left, lbl2.bottom+60, edit1.right, top+30",
          name: "button",
          tooltip: "Login to account",
          click: ' authenticate
        }
      ]
    }
  ]
} g:new var, gui

: app:main ;
30
Open Forum / Re: RaspberryBASIC.org Forum
« Last post by John on December 30, 2019, 11:26:41 AM »
Let's call the ScriptBasic / Nim version the challenge baseline and any other permutations are welcome.

I'm assuming you will post your submission on the Raspberry BASIC forum when you are ready to release it.