We have an application server, which needs to access passwords to log in to other services etc. In our current implementation the passwords are saved in a plaintext file, which obviously isn't the best solution. What are "the go-to" approaches in these scenarios? I'm fairly new to this so open to suggestions.

What I was thinking of was somehow encrypting the file itself, so it can't be opened normally but can be read by a C# program - this level of security would suffice - but I wouldn't know how to achieve this.

Side info: I don't need any reset features and am not storing user passwords or anything. Just "constant" passwords for services to log in to.

Edit: We have a SQL database and are managing it with SQL Management Studio.

What I found: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption As I understand it, this is a Windows feature which encrypts and stores passwords but also makes them decryptable. Any experience with this?

Related questions but no real answers there: How should I ethically approach user password storage for later plaintext retrieval?

Oliver
  • Is switching to a SQL database out of the question here? – annoyingnoob Feb 21 '20 at 08:55
  • Ah - sorry, I have to add this to the question: We do have a database and are managing it with SQL Management Studio – Oliver Feb 21 '20 at 08:58
  • You should probably look into password hashing. https://crackstation.net/hashing-security.htm – annoyingnoob Feb 23 '20 at 07:40
  • @annoyingnoob yeah, but isn't the point of hashing that it is irreversible? In my case I would like to extract the password as plaintext. Sure, I could encrypt it with a certain algo and decrypt it again in my application and probably no one will guess what I encrypted it with, but still. – Oliver Feb 24 '20 at 10:58

0 Answers
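One way to get what the question describes, a file that cannot be read normally but that a C# program can decrypt, is Windows DPAPI via `ProtectedData`, which ties the key to the Windows account instead of embedding it in the application. This is an added example, not part of the original thread. It assumes a Windows host with the application running under a dedicated service account; the file path, entropy label and sample values are constructed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class ServiceSecretStore
{
    // Hypothetical location; also restrict the file's ACL to the service account.
    const string StorePath = @"C:\ProgramData\ExampleApp\service-secrets.bin";

    // Extra input to DPAPI. Not a secret by itself: another process under the
    // same account must also know this value before Unprotect succeeds.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.ServiceSecrets.v1");

    // Run once, as the service account, to replace the plaintext file.
    public static void Save(string plaintextSecrets)
    {
        byte[] clear = Encoding.UTF8.GetBytes(plaintextSecrets);
        try
        {
            // CurrentUser scope: only this Windows account on this machine can decrypt.
            byte[] blob = ProtectedData.Protect(clear, Entropy, DataProtectionScope.CurrentUser);
            Directory.CreateDirectory(Path.GetDirectoryName(StorePath));
            File.WriteAllBytes(StorePath, blob);
        }
        finally { Array.Clear(clear, 0, clear.Length); } // do not leave a copy in memory
    }

    public static string Load()
    {
        byte[] blob = File.ReadAllBytes(StorePath);
        try
        {
            byte[] clear = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(clear);
        }
        catch (CryptographicException ex)
        {
            // Raised when the blob was copied to another account or machine, or modified.
            throw new InvalidOperationException("Secret store cannot be decrypted by this account.", ex);
        }
    }

    static void Main()
    {
        // Constructed sample values, one "service=password" pair per line.
        Save("smtp=constructed-sample-password\nftp=another-constructed-sample");
        Console.WriteLine(Load().Split('\n').Length + " secrets loaded");
    }
}
```

On .NET Core and later, `ProtectedData` comes from the `System.Security.Cryptography.ProtectedData` NuGet package and is supported only on Windows.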