How to hide sensitive text and passwords in Scratch projects

🏠 Questions›How to hide sensitive text and passwords in Scratch projects

💡 Need help with advanced Scratch security techniques? Want to learn encryption methods? 🚀 Get Expert Help

CW

CodeWizard_Sam

Posted on June 27, 2016 • Advanced

🔐 Protecting sensitive information in multi-stage puzzles

I’m creating an interactive puzzle game where players complete a Scratch game to get a password, then use that password on my website for the next stage. The problem is that anyone can view the Scratch project code and see the password directly!

I need a way to:

• Hide the actual password from being visible in the code
• Give players the password only after completing the game
• Connect the Scratch game to my external website securely

Has anyone dealt with this kind of security challenge before? Any clever solutions? 🤔

👍 Like (18)💬 Reply🔗 Share

SE

SecurityExpert_Mike

Replied 6 minutes later • ⭐ Best Answer

Excellent question @CodeWizard_Sam! This is a classic security challenge. Here are several proven methods to protect sensitive information in Scratch projects:

🔒 Method 1: One-Way Encryption (Recommended)

Instead of storing the actual password, use encryption to verify it without revealing it:

flowchart TD A[🎮 Player Completes Game] --> B[Generate Solution Key] B --> C[Apply Encryption Algorithm] C --> D[Compare with Stored Hash] D --> E{Match?} E -->|Yes| F[✅ Show Success Message] E -->|No| G[❌ Try Again] F --> H[Display Encoded Result] H --> I[Player Uses on Website] J[🔐 Original Password] --> K[Never Stored in Project] L[📊 Encrypted Hash] --> M[Visible in Code - Safe!] style A fill:#e1f5fe style F fill:#e8f5e8 style K fill:#ffebee style M fill:#f3e5f5

    // Create these variables:
// [known_string] = 'PUZZLE_COMPLETE'
// [encrypted_result] = 'XYZ789ABC' (pre-calculated)

when flag clicked
set [user_input v] to []
set [verification_result v] to []

// When player completes the puzzle
when I receive [puzzle completed v]
ask [Enter the solution you found:] and wait
set [user_input v] to (answer)

// Simple encryption example
set [encrypted_input v] to []
repeat (length of (user_input))
set [char v] to (letter (counter) of (user_input))
change [encrypted_input v] by (join (encrypted_input) ((unicode of (char)) + [5]))
end

// Check if encrypted input matches stored result
if <(encrypted_input) = (encrypted_result)> then
say [Congratulations! Your website code is: SECURE_ACCESS_2024] for (5) seconds
else
say [Incorrect solution. Keep trying!] for (2) seconds
end
  

🧩 Method 2: Puzzle-Based Password Generation

Make the password itself the solution to the puzzle:

• Word Scramble: Password is the unscrambled word
• Math Puzzle: Password is the final calculation result
• Pattern Recognition: Password is the discovered pattern
• Maze Solution: Password is the minimum steps needed

    // Example: Math-based password
when flag clicked
set [puzzle_numbers v] to [7, 13, 21, 34, ?]
say [Find the next number in the sequence] for (3) seconds

ask [What's the next number?] and wait
if <(answer) = [55]> then
// Fibonacci sequence: each number is sum of previous two
set [website_code v] to (join [FIBO] (answer))
say (join [Your website access code is: ] (website_code)) for (5) seconds
else
say [Think about how each number relates to the previous ones...] for (3) seconds
end
  

🌐 Method 3: External Validation System

For maximum security, use a cloud-based verification system:

    // Using cloud variables for secure validation
when flag clicked
set [☁ player_progress] to [0]
set [☁ session_id] to (join [USER_] (pick random (1000) to (9999)))

// When puzzle is completed
when I receive [puzzle solved v]
set [☁ player_progress] to [100]
wait (1) seconds

// Generate time-based code
set [current_time v] to (days since 2000)
set [access_code v] to (join (☁ session_id) (current_time))
say (join [Your unique access code: ] (access_code)) for (10) seconds
  

⚡ Method 4: Dynamic Code Generation

Generate passwords based on player actions or game state:

    // Password based on player's completion path
when flag clicked
set [path_code v] to []
set [completion_score v] to [0]

// Track player choices throughout the game
when I receive [choice made v]
change [path_code v] by (join (path_code) (choice_number))
change [completion_score v] by (10)

// Generate final code when game ends
when I receive [game complete v]
set [final_password v] to (join [PATH] (path_code))
set [bonus_code v] to (completion_score)
set [website_key v] to (join (final_password) (bonus_code))

say (join [Website access key: ] (website_key)) for (8) seconds
  

💡 Pro Tips:

• Never store the actual password as plain text in variables
• Use multiple validation steps to increase security
• Consider time-limited codes for extra protection
• Test your encryption method thoroughly before deployment

The key is making the password derivable from the puzzle solution, not stored directly in the code! 🔐

👍 Like (67)💬 Reply🏆 Mark as Best Answer

CW

CodeWizard_Sam

Replied 1 hour later

@SecurityExpert_Mike This is absolutely brilliant! 🤯 The encryption method is exactly what I needed!

I implemented the puzzle-based approach where the password is actually the solution to a word puzzle. Now players have to solve the riddle to get the code, and there’s no way to cheat by looking at the source!

Quick follow-up: Is there a way to make the encryption even more secure for really sensitive applications?

👍 Like (12)💬 Reply

AD

AdvancedDev_Lisa

Replied 2 hours later

@CodeWizard_Sam For maximum security, you could implement a double-encryption system:

    // Advanced double encryption
define double_encrypt (input) (key1) (key2)
set [temp_result v] to []
set [final_result v] to []

// First encryption layer
repeat (length of (input))
set [char v] to (letter (counter) of (input))
set [encrypted_char v] to ((unicode of (char)) + (key1))
change [temp_result v] by (join (temp_result) (encrypted_char))
end

// Second encryption layer with different algorithm
repeat (length of (temp_result))
set [char v] to (letter (counter) of (temp_result))
set [double_encrypted v] to ((unicode of (char)) * (key2))
change [final_result v] by (join (final_result) (double_encrypted))
end
  

This makes it virtually impossible to reverse-engineer the original password! 🔒

👍 Like (34)💬 Reply

VB

Vibelf_Community

Pinned Message • Moderator

🔐 Master Advanced Security Techniques

Fantastic discussion on Scratch security! For developers working on complex multi-platform puzzle games, our expert tutors can help you implement:

• 🛡️ Advanced encryption algorithms
• 🌐 Cross-platform security systems
• 🔑 Dynamic password generation
• ☁️ Cloud-based validation systems
• 🎯 Anti-cheat mechanisms

🚀 Learn Advanced Security Techniques

📚 Related Security Topics

• Building secure multiplayer games
• Protecting user data in Scratch
• Creating tamper-proof scoring systems

Ready to build bulletproof security into your projects? Get expert guidance from our security specialists!

📌 Pinned👍 Like (203)💬 Reply