|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
01-14-2009
| #1 (permalink) |
| | How to securely store a password on a PC Hi All, I would like to write an application consisting of two components: The first one should be a GUI that allows a user to encrypt and store a file on a PC (using a provided password or the users Windows password or a security token), the second component should be a service (running on the same PC) that is able to decrypt the file using the previously provided password, the users password or security token). My problem: How can I store the provided password securely on the PC (for use by the service) in a way that other users (even administrators) are not able to acquire it, even if they try to reverse engineer or disassemble the application? Is there a way for an application running on the user's account to acquire the users password or some sort of a security token which cannot be acquired by other users (even administrators)? Which .NET framework assemblies may be used to accomplish the tasks? Any help would be most appreciated! Thanks and best regards Sebastian Daser Softfount IT Solutions |
My System Specs |
|
01-14-2009
| #2 (permalink) |
| | Re: How to securely store a password on a PC use integrated windows authenitcation. users with an account on the machine, and with appropriate rights will be able to use the application. On Jan 14, 3:32*am, Sebastian Daser <SebastianDa...@xxxxxx> wrote: Quote: > Hi All, > > I would like to write an application consisting of two components: The first > one should be a GUI that allows a user to encrypt and store a file on a PC > (using a provided password or the users Windows password or a security > token), the second component should be a service (running on the same PC) > that is able to decrypt the file using the previously provided password, the > users password or security token). > > My problem: How can I store the provided password securely on the PC (for > use by the service) in a way that other users (even administrators) are not > able to acquire it, even if they try to reverse engineer or disassemble the > application? > > Is there a way for an application running on the user's account to acquire > the users password or some sort of a security token which cannot be acquired > by other users (even administrators)? > > Which .NET framework assemblies may be used to accomplish the tasks? > > Any help would be most appreciated! > > Thanks and best regards > Sebastian Daser > Softfount IT Solutions |
| My System Specs |
|
01-15-2009
| #3 (permalink) |
| | RE: How to securely store a password on a PC You simply CANNOT. The short reason is that an admin can always DEBUG your service and can find the point when the password is retrieved / used within the service's code. Same goes for trying to protect against anybody having full physical access to the computer. Eventually - since ALL information needed for run your service, and, hence, ALL information needed to get to the password - an attacker could find the password and decrypt the data. On the other hand, if you just want to protect it from other users, you can simply use access control (ACLs) - either on the data file or on the password file. That doesn't mean you cannot make it harder to an attacker to find it. You can use code obfuscation, password obfuscation, etc. But that just increases the work factor and ultimately does NOT provide protection. Laszlo Elteto SafeNet, Inc. "Sebastian Daser" wrote: Quote: > Hi All, > > I would like to write an application consisting of two components: The first > one should be a GUI that allows a user to encrypt and store a file on a PC > (using a provided password or the users Windows password or a security > token), the second component should be a service (running on the same PC) > that is able to decrypt the file using the previously provided password, the > users password or security token). > > My problem: How can I store the provided password securely on the PC (for > use by the service) in a way that other users (even administrators) are not > able to acquire it, even if they try to reverse engineer or disassemble the > application? > > Is there a way for an application running on the user's account to acquire > the users password or some sort of a security token which cannot be acquired > by other users (even administrators)? > > Which .NET framework assemblies may be used to accomplish the tasks? > > Any help would be most appreciated! > > Thanks and best regards > Sebastian Daser > Softfount IT Solutions |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Securely licensing products for use with VPC | Virtual PC | |||
| Securely comparing vista folders | Vista security | |||
| Securely delete messages in windows Mail? | Vista General | |||
| Securely delete messages in windows Mail? | Vista mail | |||
| Securely delete messages in windows Mail? | Vista security | |||
