Password protected folder

[zask]

Basically you should never be encrypting or obfuscating a password - Basically, any system that handles a password should not be able to take what it stores and get the original password out of it - This is why websites should always ask you to set a new password if you forget it instead of emailing you your existing one, a properly built website physically can't get your password to email it.  What you need to look into is hashing - This is where you take the password and out the end you return a "hash" such as SHA-1 or MD5 (don't use MD5 for passwords nowadays though) which practically uniquely identifies the password but can't be turned back into the password, you then perform the same hash function to the password the user gave and compare the hashes, that way you are never storing the actual password anywhere on your system.  Think of a hash as being like adding two numbers together, you can add 23+42 to get 65 but if all you have is the number 65 you have no idea what two numbers were added to get it.  This video explains hashing pretty well: https://www.youtube.com/watch?v=yoMOAIzBSpY

It's great that you are learning to program but I'd suggest that you consider if Batch is really suitable, it's handy for automating tasks but it's severely limited for the things you are trying to do and certainly doesn't encourage good programming style.  (Goto statements for example have been seen as bad practice for years but are still common in batch).  I'd strongly suggest learning a full programming language like Python - It's more useful, you can build cooler stuff and it will likely be easier than trying to battle Batch which hasn't really been improved since the early DOS days.

Good programming style? that's nonsense, without encryption the program would have no purpose at all. without encryption hackers could easily hack credit card and private information. i go agree that that goto commands are a bad practice. but you must not realize what entirely the encrypt is doing. the program is just changing the appearance of the code, each command in the encryption is then completely reversed. The problem with the goto command is that it turn's your code into spaghetti code, but in encryption this is exactly what you want.  the program gives both the option to create a password and use it.. You should avoid the goto command for the purpose of making your script more understandable. the last thing you want in encryption is for anyone to understand. yes you could just change a batch file to a exe file, but it's not actually encrypting the batch files code. the exe file is just wrapping the batch file like a gift in a box, who is going to keep someone from turning the exe file back into a batch? There is absolutely no way to keep people 100% guaranteed  from accessing your password contents unless you make it completely non readable.the code completely works with zero errors. so i dont understand what the problem with it being encrypted. it's for one sole purpose and that's for privacy. and to be honest even for a encrypted code, it's still very organized if you understand what it's doing. actually it works as if it would entirely without the encryption. and when you say im not actually storing the password anywhere on the system thats where i will have to say that your entirely incorrect. Start the file, make your own password as you like. then feel free open command prompt and set your directory to "C:\Pswrd.Zask" then unhide the files inside that folder by typing "attrib -s -h". Even though the code appears encrypted, it's done in such a clever and organized way what no matter what password you type in it it still will not change the output password that the user creates. you will find a hidden text document in the folder with your password in it exactly as you typed it before in the program.

[BC_Programmer]

Your program doesn't encrypt anything.

It's some obfuscated batch logic that performs a plain text comparison before running the rest of the batch. There is no encryption.

[BC_Programmer]

There is absolutely no way to keep people 100% guaranteed  from accessing your password contents unless you make it completely non readable.

That is why you don't store the password. You store a non-reversible, ideally salted, Hash using a one-way function. checking if a password matches is done by taking the entered password and performing the same hash on it; if it matches, then it is considered a match, otherwise, it is not.

[zask]

you obviously dont know what encryption is, encryption the the art of ciphering text to the point where it is not understandable unless it is then decrypted. Encryption has been around ever since the days of Julius Ceasar who was the first person who invented the first form of encryption known as the Cesar Cypher. You do not understand what your talking about. read this here for some evidence.

Ceasar Cypher.
http://practicalcryptography.com/ciphers/caesar-cipher/

and here is google deffinition

Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.

The code does exactly absolutely what this definition describes. don't tell me what that im a lier because you dont understand what encryption is. How can you tell me that this isnt being encrypted? since you know so much about encryption why dont you try to explain what this code does? Tell the very person who made this thing how it works huh? why don't you try? since you are are so positive why it's not encrypted then you must understand entirely what its doing.
.
Do you have any idea what i do as a hobbie? I make malware, and try to find ways to keep things from being detected so that i can better understand what a computer is under all category, i do this for my sake in learning. if i knew nothing about encrypting then i wouldn't be able to get around antivirus programs.

[zask]

That is why you don't store the password. You store a non-reversible, ideally salted, Hash using a one-way function. checking if a password matches is done by taking the entered password and performing the same hash on it; if it matches, then it is considered a match, otherwise, it is not.

Your saying absolutely nonsense! any form of encryption can be reversed if it has a pin! The code has a decryption pin! if it didn't the whole thing wouldn't even work!

Do you not understand that there are millions of forms of encryption types? You do not understand what your taking about, the form of encryption you are talking about is called a single key pad encryption, what it does is give you complete garbage text and makes it %100 impossible to unencrypt unless you have the generated decryption key! This is a Ceasar Cypher! You are basically saying that since this form of encryption if different compared towards your type of encryption, that nothing im doing is encryption at all and that entirely not true because it is a type of encryption. Let me give you a example, how does one make a encrypted virus? you can make you code look like completely random characters and the code will do absolutely nothing. But there are ways to encrypt code and still make it run perfectly as it was before. If you can explain to me what my code is doing and give me a reason that what im doing in my code that voids the definition of what encryption is, then you can tell me what encryption is and what it isn't. Because this is exactly what it says encryption is.
 

[Salmon Trout]

Patio, please pass the popcorn...

[patio]

Extra Large ? ?...with real butter ? ?

[Salmon Trout]

Yes please!!!

[zask]

Extra Large ? ?...with real butter ? ?

Lol Butter plz XXL

[camerongray]

We are trying to help you here, the least you can do is listen.  There is no need for going all defensive and trying to show off when someone tries to help you.  And before you ask, yes, I understand encryption, as does BC.

Encryption and hashing are two completely separate things.  You should NEVER encrypt a password, you should hash it, it's that simple.  Yes, if you are storing bank details they should be encrypted as you can't work with a hash of them in many cases but this is completely different for passwords.  I know that both BC and I have build many systems that handle passwords and we have implemented these password hashing systems many times before.  Remember, hashing and encryption are completely different things!

Obfuscating the code as you have done is certainly okay if you need to hide the functionality from people who have the file, this is common practice with web frontend code (although it's not perfect).  This however is no substitute for properly hashing a password.  We are not talking about the code being obfuscated here, nothing wrong with that, we are talking about the password not being hashed.

[zask]

Your saying absolutely nonsense! any form of encryption can be reversed if it has a pin! The code has a decryption pin! if it didn't the whole thing wouldn't even work!

Do you not understand that there are millions of forms of encryption types? You do not understand what your taking about, the form of encryption you are talking about is called a single key pad encryption, what it does is give you complete garbage text and makes it %100 impossible to unencrypt unless you have the generated decryption key! This is a Ceasar Cypher! You are basically saying that since this form of encryption if different compared towards your type of encryption, that nothing im doing is encryption at all and that entirely not true because it is a type of encryption. Let me give you a example, how does one make a encrypted virus? you can make you code look like completely random characters and the code will do absolutely nothing. But there are ways to encrypt code and still make it run perfectly as it was before. If you can explain to me what my code is doing and give me a reason that what im doing in my code that voids the definition of what encryption is, then you can tell me what encryption is and what it isn't. Because this is exactly what it says encryption is.

You are not understand the point in this, you dont want anyone in the file to see what the password file has in it or where it's location is while creating the password, because if the code was as plain as day then anyone could just go to that folder and find your password. Your acting like an absolute nuisance, when you desire to ever do actual research on the information then you can tell me what encryption is, because five seconds of a quick google search will easily tell you that you are wrong.
don't believe me do it.

[zask]

We are trying to help you here, the least you can do is listen.  There is no need for going all defensive and trying to show off when someone tries to help you.  And before you ask, yes, I understand encryption, as does BC.

Encryption and hashing are two completely separate things.  You should NEVER encrypt a password, you should hash it, it's that simple.  Yes, if you are storing bank details they should be encrypted as you can't work with a hash of them in many cases but this is completely different for passwords.  I know that both BC and I have build many systems that handle passwords and we have implemented these password hashing systems many times before.  Remember, hashing and encryption are completely different things!

Obfuscating the code as you have done is certainly okay if you need to hide the functionality from people who have the file, this is common practice with web frontend code (although it's not perfect).  This however is no substitute for properly hashing a password.  We are not talking about the code being obfuscated here, nothing wrong with that, we are talking about the password not being hashed.

Trying to help me? u got it wrong im not being defensive. your basically telling me that it's not encrypted because i added random letters to the variables, thats not the encryption, you are focusing on what you are seeing instead of focusing on what the program is doing. I dont have to waste my time on people who are trying to tell me that i dont know what encryption is. do you not know how long ive been doing this? You need to understand what the deffinition of encryption is, not what you think it is based on what you seen in differently in other code.

[patio]

Your acting like an absolute nuisance, when you desire to ever do actual research on the information then you can tell me what encryption is, because five seconds of a quick google search will easily tell you that you are wrong.

Quote of the Month Finalist...

[camerongray]

Fine then, I won't help you...  Maybe in the future bear in mind that some people are trying to help you because they have done what you are doing tonnes of times before and therefore know the best way to do things and give up some time to help you because they like seeing people learn and want people to succeed.  And before you claim I don't know what encryption is, I've studied multiple university courses on encryption - I don't normally bring academic qualifications into things like this but I do know what I'm doing.  And again, there is nothing wrong with encrypting/obfuscating the source code but you still need to hash the password.

There is nothing wrong with knowing where the password file is, by hiding the password file all you are doing is creating security through obscurity.  For example, on UNIX machines the passwords are stored in /etc/shadow, this is universally known - That file is not encrypted, it stores hashes of passwords, totally secure!

And to be clear, if you want me to spend some time and explain password hashing to you, I'm more than happy to, but I won't when you are being rude and not listening to us trying to help.

[Salmon Trout]

Lol Butter plz XXL

You are the movie; you don't get to eat popcorn.