How to store a password securely?

qwertzguy

New member
Joined
Jul 24, 2008
Messages
2
Programming Experience
1-3
Hello,

I have an application that has to login on an online service.
And I want peoples to be able to store their password for that online service in my application so that they don't need to enter it each time they launch my application.

The thing is how do I store this password safely? So that someone that has access to the computer cannot find the password.

Because if I encrypt the password and put it somewhere (registry or a file) then I'll have to encrypt it with fixed passphrase, and thus, anyone who would do disengeneering/decompiling of my application (which is quite easy with VB .Net applications) would know the passphrase and would then be able to make a program to automatically fetch and decrypt the password stored by my application on the computer.

I want a system like the one used by Windows Live Messenger or Outlook to store passwords in a secure way.


Thank you for your advices and help!
 
well...

ok man, idk u could go to the microsoft developers network site and find a few samples. here is a link to the site,

http://msdn.microsoft.com/en-us/library/eha65w94.aspx Visual Basic Security Samples

uhm, most programs are decryptable, so just make a strong encryption of your own, or do something like send it securely to the server, and the server sends an encrypted version of it to store on the computer, but thats also dangerous, but at least someone couldnt just break the code from the application that encrypts it and then decrypt it, they'd have to get to your server computer(which should be equipped with many firewalls, for security reasons) like i'd get behind a router, or sonicwall or something to block all ports, except those you'd want open, and then your personal firewall on your computer(windows firewall) and then some kind of program that reads any incoming data to the computer that came through the firewalls on open ports, and forwards the information to your program if you deem it neccessary. but there are plenty of security samples out there, and i would also "implemenent" the IDisposable method too, just for more security reasons on the client side, ok give me feedback
 
Hello joedeene,

Thanks a lot for your help.
I'll check out the link you gave me and think about the idea of using a distant server for encrypting. (the only problem is that i'll need to use the same server for decrypting I guess, otherwise I'll need to have the decryption method in my program which then makes it unsafe again.)

I'll tell you about how things will go on.


Thanks.
 

Latest posts

Back
Top