In my application I am going to save the password in a file on the machine for easy extraction. I already encrypt the password. But as an extra protection, I would like to shuffle the password before encrypting, so that even if someone decrypts it, it will be of no use to him. But before using the password I need to reshuffle it back to the original.
I am planning for the same function which can both shuffle and un-shuffle, more like a symmetric shuffle. All the code I wrote was too simple, a shuffle. Anyone got any ideas or snippets?
I'm not sure that shuffling is going to provide a lot of extra security. If someone can decrypt the password, then the fact that the characters are in a random order won't put up much of a barrier. They will have all the characters within the password and would merely need to try them in all possible orders. Something a simple program could do relatively easily.
That being said, any shuffling routine you write would need to have some pattern as to how to shuffle the characters so that it could then unshuffle them. Once this pattern or algorithm is cracked, any password could then be unshuffled. To make the cracking harder, it would be better if the pattern used varied in some way. But you would need a way to track that pattern so you know person A's password was shuffled with pattern X and person B's password was shuffled with pattern Y. You could base the pattern on something like the number of characters in the password; or include some pattern indicator in with the password. But again, here it seems to me that you would simply be developing a form of very basic encryption.
What if I put a few random characters into the password before scrambling? Once unscrambled, I can remove the characters from definite positions. [ December 06, 2008: Message edited by: Arjun Suresh ]
Originally posted by Arjun Suresh: What if I put a few random characters into the password before scrambling? Once unscrambled, I can remove the characters from definite positions.
And what's preventing someone from removing those random characters?
I agree. This doesn't provide any extra security. The encryption is way harder to break than any "munging". I would put the effort into ensuring that the encryption keys are strong, and keeping the keys safe, rather than adding a few characters and bit shifts.
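The symmetric shuffle asked about in this thread, as an added example that is not part of any of the posts: a seeded permutation with its inverse, plus a count of how many distinct orderings a shuffled password can have. The function names, the seed value and the sample password are assumptions made for illustration.

```python
import math
import random
from collections import Counter

def pattern(n, seed):
    """Deterministic permutation of range(n); the seed is the only 'secret'."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    return idx

def shuffle(password, seed):
    """Output position i takes the character from position pattern[i]."""
    return "".join(password[j] for j in pattern(len(password), seed))

def unshuffle(shuffled, seed):
    """Invert the permutation: write each character back to its source index."""
    out = [""] * len(shuffled)
    for i, j in enumerate(pattern(len(shuffled), seed)):
        out[j] = shuffled[i]
    return "".join(out)

def ordering_count(text):
    """Distinct arrangements of the characters: n! / product(count(c)!)."""
    total = math.factorial(len(text))
    for c in Counter(text).values():
        total //= math.factorial(c)
    return total

def search_space_bits(text):
    """Size of the 'try every order' search, expressed in bits."""
    return math.log2(ordering_count(text))

if __name__ == "__main__":
    pw = "s3cr3tPw"  # constructed sample password
    mixed = shuffle(pw, seed=2008)
    print("shuffled:  ", mixed)
    print("unshuffled:", unshuffle(mixed, seed=2008))
    # The shuffle keeps every character, so the orderings are all that is hidden.
    print("orderings: ", ordering_count(pw))
    print("bits:      ", round(search_space_bits(pw), 1))
```

For an eight-character password the shuffle hides fewer than 16 bits, against 128 bits or more for a modern cipher key, which is why the replies point at key strength and key storage instead.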