4

What is the best method for saving passwords on a computer so that they can not be accessed? I would like to store them in the Registry encrypted. I would like you to be able to reset the password but this is not for the server. This is for storing them on a computer to remember them and sign in automatically.

IMPORTANT EDIT: I need to be able to retrieve the plain-text password from within the program, just not anywhere else.

Phoenix Logan
  • 1,198
  • 3
  • 15
  • 30
  • 2
    http://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database/ – Mitch Wheat Feb 04 '13 at 02:35
  • Please post the answers using the answer question button, not in the comments. – Phoenix Logan Feb 04 '13 at 02:43
  • erm, No! That's a link. Clicking on it is quite easy... – Mitch Wheat Feb 04 '13 at 02:43
  • 2
    You've answered your own question. Encrypted in the registry. Done. – Simon Whitehead Feb 04 '13 at 03:03
  • I would suggest use Hash method with Random Salt to encrypt the password as Hash is one way function so difficult to crack and with Random salt it makes it difficult for attacker to get exact password http://crackstation.net/hashing-security.htm http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx – sumeet kumar Feb 04 '13 at 03:26
  • 2
    The asker need the actual password. If he only needed to check the password against one provided by the user, a hash would work. Since he needs to use the password to log in online, a hash will not work. – John Colanduoni Feb 04 '13 at 03:39
  • @PhoenixLogan I updated my answer with a solution to your problem. It is quite involved but the only way to add permissions that Windows does not recognize itself. – John Colanduoni Feb 05 '13 at 05:36

2 Answers2

3

CryptProtectData and CryptUnprotectData are your best bet on Windows. They encrypt the data using login credentials, so the passwords are safe from attacks to the disk. However, they can be accessed by any program running under the same user. I would recommend storing them in a file whose permissions prevent other programs from accessing them (such as a file that requires administrator privileges to access).

The managed class ProtectedData uses these function, so it can be used from C#.

You can also use these functions directly using P/Invoke. There is some example code that does exactly that here.

Expansion in response to additional requirements:

There is a way to ensure that your program is the only one able to access the password without needing your program to be launched with administrator privileges, though it will take a lot more work.

The basic idea is this: you create a Windows service that is installed when you install your application. It should be launched on demand from your application when it wants to store/retrieve the user's password. The service will simply provide read/write access to a file with permissions set so that only administrators can read/write it. The additional security comes from the IPC connection to the process, which will use a Named Pipe. You can then use GetNamedPipeClientProcessId (sorry, you need P/Invoke) to authenticate the request by looking up the process ID of the client that connected to the pipe.

Depending on how worried you are about security, you can verify the process ID using code signing, if you have access to a valid certificate. Or, you can verify the checksum of the executable or something of that nature.

This is the only way I can think of to create the security you are looking for on Windows. Your application should also use ProtectedData to encrypt the data before handing it over to the Windows service to protect against hard disk attacks.

John Colanduoni
  • 1,496
  • 14
  • 18
  • My program shouldn't need administrator priveliges to open the password file... And this has to be accessible through the program only. – Phoenix Logan Feb 04 '13 at 02:51
  • 2
    Windows' permission model does not support this. If your program can access it without getting additional permissions, then any program running as the same user can access it. – John Colanduoni Feb 04 '13 at 02:57
  • I have added a link to a C# example. – John Colanduoni Feb 04 '13 at 03:04
  • 1
    The closest you can get is to use the "secondary entropy" feature, which will perform additional encryption on the password. You can then store this secondary key within your application. Unfortunately, anyone could easily reverse engineer your application and retrieve the key you use, so this only serves to slightly obfuscate the password. – John Colanduoni Feb 04 '13 at 03:06
  • 2
    The ProtectedData class is the managed wrapper for DPAPI, don't need to use p/invoke... (unless you are on a low .net version) http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx – Matt Feb 04 '13 at 06:03
  • @Matt Ah, I was not aware of this wrapper, I have added it to the answer. Thanks! – John Colanduoni Feb 04 '13 at 06:10
-1

I believe what I'm looking for is AES. This seems like an easy way to store a password. Of course, this is only for remembering a password on the computer so the user does not have to type it.

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Phoenix Logan
  • 1,198
  • 3
  • 15
  • 30
  • 1
    The problem is that this only shift the issue to where you want to store your AES key. There is no good solution for this problem, but `ProtectedData` with `CurrentUser` protection scope gets closest. Building something yourself with AES probably isn't such a great idea. – CodesInChaos Feb 04 '13 at 15:20
  • I'll probably hard code the key into the program. Is this insecure? If the program is disassembled will someone be able to figure out the key? – Phoenix Logan Feb 04 '13 at 21:48
  • I'm going to look into it. I'll do some research on AES and see what happens. – Phoenix Logan Feb 05 '13 at 02:16
  • @PhoenixLogan Yes, this is no better than the "secondary entropy" feature I detailed above, and actually worse since it doesn't use the user's login to protect the data stored on the hard disk. – John Colanduoni Feb 05 '13 at 05:39
  • I'm not worried about other users being able to obtain the information, moreso of the fact that any program may be able to access the information. Spyware and passwords DO NOT MIX. – Phoenix Logan Feb 06 '13 at 22:47