Re: How to securely store a password on a PC
- From: lelteto <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 16 Jan 2009 08:52:01 -0800
Several issues here:
1. The original request was to allow users AND the service share the same
password - so locking the data to ONE account will not solve that problem.
(And I assume that it is not only 1 specific user but should allow users A,
B, C AND the service pair-wise share the particular user's password data.)
2. You can remove the debug privilege from the service - but it won't help
restrict the admin (who HAS debug privilege - or can add it back) from
debugging the service.
3. Even if you somehow would disable the debugging of the service an admin
(or somebody with physical access and login privilege to the computer) still
has access to EVERYTHING on the computer so - with enough time and patience -
the code (server and any part of the OS) can be fully analyzed to recover
anything they can access on the computer.
4. Full disk encryption can protect against EXTERNAL attackers (who
otherwise don't have login access to the computer) but it can't protect
against users (and admins) of that computer. This is true for all types of
full encryption - not only Vista's BitLocker but any 3rd party solution.
Laszlo Elteto
SafeNet, Inc.
"Paul Baker [MVP, Windows Desktop Experie" wrote:
I am no expert on these things but my first thought was to use Windows Data
Protection (DPAPI) to encrypt it such that the password list is available
only to the account running the service, the password for which should be
very strong, frequently changing and not shared.
http://msdn.microsoft.com/en-us/library/ms995355.aspx
Could the service remove the debug privilege so it cannot be debugged?
Security is not about the secrecy of the algorithm. That always has a good
potential of becoming known. All this really does is prevent someone from
figuring out it is using DPAPI. They could easily guess that it does.
Without being able to authenticate as the account running the service, the
data cannot be decrypted and if an administrator was able to get access to
the encrypted data then so what? It's encrypted.
Honestly, I've never used it and don't know how it works. Perhaps this will
inspire someone who DOES know to step forward with details of how it might
work or an explanation of why it will not.
Paul
"lelteto" <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B9B37802-90DD-4111-A9FE-9AA5F2A57CDC@xxxxxxxxxxxxxxxx
You simply CANNOT. The short reason is that an admin can always DEBUG your
service and can find the point when the password is retrieved / used within
the service's code. Same goes for trying to protect against anybody having
full physical access to the computer. Eventually - since ALL information
needed to run your service, and, hence, ALL information needed to get to the
password - an attacker could find the password and decrypt the data.
On the other hand, if you just want to protect it from other users, you can
simply use access control (ACLs) - either on the data file or on the password
file.
That doesn't mean you cannot make it harder for an attacker to find it. You
can use code obfuscation, password obfuscation, etc. But that just increases
the work factor and ultimately does NOT provide protection.
Laszlo Elteto
SafeNet, Inc.
"Sebastian Daser" wrote:
Hi All,
I would like to write an application consisting of two components: The first
one should be a GUI that allows a user to encrypt and store a file on a PC
(using a provided password or the user's Windows password or a security
token), the second component should be a service (running on the same PC)
that is able to decrypt the file using the previously provided password, the
user's password or security token.
My problem: How can I store the provided password securely on the PC (for
use by the service) in a way that other users (even administrators) are not
able to acquire it, even if they try to reverse engineer or disassemble the
application?
Is there a way for an application running on the user's account to acquire
the user's password or some sort of a security token which cannot be acquired
by other users (even administrators)?
Which .NET framework assemblies may be used to accomplish the tasks?
Any help would be most appreciated!
Thanks and best regards
Sebastian Daser
Softfount IT Solutions
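
Added example, not part of the original thread or any poster's code: a C# sketch of the two mechanisms discussed above, DPAPI scoped to one Windows account plus a restrictive file ACL. It assumes .NET Framework on Windows with a reference to System.Security.dll; the class name, file name and entropy label are hypothetical. As the replies point out, a blob protected this way can only be unprotected by the same account, so it does not by itself let a user and a service running under a different account share the data, and it does not stop an administrator who can debug the process.

```csharp
// Added example (not from the thread). .NET Framework, Windows only;
// reference System.Security.dll. Names and paths below are hypothetical.
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

static class SecretStore
{
    // Hypothetical application-specific label mixed into the DPAPI protection.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    public static void Save(string path, byte[] secret)
    {
        // CurrentUser scope: only code running as this Windows account can unprotect.
        byte[] blob = ProtectedData.Protect(secret, Entropy, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, blob);

        // Drop inherited ACEs and leave a single allow entry for the current account.
        var acl = new FileSecurity();
        acl.SetAccessRuleProtection(true, false);
        acl.AddAccessRule(new FileSystemAccessRule(
            WindowsIdentity.GetCurrent().User,
            FileSystemRights.Read | FileSystemRights.Write | FileSystemRights.Delete,
            AccessControlType.Allow));
        File.SetAccessControl(path, acl);
    }

    public static byte[] Load(string path)
    {
        // Throws CryptographicException under a different account or with different entropy.
        return ProtectedData.Unprotect(File.ReadAllBytes(path), Entropy,
                                       DataProtectionScope.CurrentUser);
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "example-secret.bin");
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample secret");
        Save(path, secret);
        Array.Clear(secret, 0, secret.Length);   // keep plaintext in memory only as long as needed

        byte[] roundTrip = Load(path);
        Console.WriteLine("Recovered {0} bytes", roundTrip.Length);
        Array.Clear(roundTrip, 0, roundTrip.Length);
        File.Delete(path);
    }
}
```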