Re: encryption question

Henrick Hellström wrote:
....
The flaw in this scheme ought to be fairly obvious. An attacker who finds a H,C pair might simply calculate T = E(H,C) and be done with it, without any information whatsoever about P.

I agree, in general you would not store the hash in the exe. This is normally stored in a database field for a particular user. A cracker could potentially also just use a hex editor to find the place where the login test condition is done and adjust the exe binary information..

This is why I recommended the Secure Code product so that the exe is protected from being cracked.

http://www.ionworx.com/securecode.html

Siegfried
.