
I get how to store passwords on a server, but what about a client that will automatically login to the server? What's the best way here? Should I store a hashed password, and have the server double hash? Should I encrypt it? What options are available?

This software will be open source, so any keys used are publicly available.

EDIT:

This is actually a computer program. I can send stuff off like MAC addresses without a problem.

Jacob

2 Answers

1

It all depends on the level of security you want to reach :-) Also look here where this topic is discussed in detail: Designing a secure auto login cookie system in PHP

Edit: Even more detailed: http://jaspan.com/improved_persistent_login_cookie_best_practice, and yet another very, very good post about the whole topic: The definitive guide to form-based website authentication (look at PART II).

tim
-2

As far as I'm concerned, cookies are sufficiently safe to save the password in cleartext. It is only a problem if you have an XSS leak or someone saves it on a public computer, so another person can look it up.

In that case, I would go for the solution you suggested with hash on clientside and double hash on serverside.

EDIT: I just realized that they can be read out (with ease) when using an (unsecured) WLAN, too, so now it seems to be a bad idea to save them in cleartext.

Thomas Leu
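As an added illustration (not code from either answer), here is the series/token persistent-login scheme that the linked Jaspan post describes, applied to the asker's client program instead of a cookie: the client stores a random series identifier plus a random token, the server stores only a hash of the token, the token is rotated on every successful auto-login, and a correct series with a wrong token is treated as a replayed/stolen credential. The in-memory `SERVER_DB` and `INVALIDATED_USERS` stores, and the function names, are assumptions standing in for real server-side tables.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores standing in for server-side tables (assumption).
# The server never stores the raw token, so a leaked table does not yield
# working auto-login credentials; the client must present the raw token.
SERVER_DB = {}          # series -> {"user": str, "token_hash": str}
INVALIDATED_USERS = set()  # users who must log in with their password again


def _hash_token(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_series(user):
    """Called once after a normal password login: mint a (series, token)
    pair for this client. The client stores both; the server keeps the hash."""
    series = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    SERVER_DB[series] = {"user": user, "token_hash": _hash_token(token)}
    return series, token


def auto_login(series, token):
    """Validate a stored (series, token) pair.
    Returns (status, user, new_token); the client must save new_token."""
    record = SERVER_DB.get(series)
    if record is None:
        return "unknown", None, None
    if not hmac.compare_digest(record["token_hash"], _hash_token(token)):
        # Known series but wrong token: an old token is being replayed,
        # which means it was copied at some point. Revoke every series
        # for this user and require a fresh password login.
        user = record["user"]
        for s in [s for s, r in SERVER_DB.items() if r["user"] == user]:
            del SERVER_DB[s]
        INVALIDATED_USERS.add(user)
        return "theft_suspected", user, None
    # Valid pair: rotate the token so each stored credential is single-use.
    new_token = secrets.token_urlsafe(32)
    record["token_hash"] = _hash_token(new_token)
    return "ok", record["user"], new_token
```

Because the token rotates on every use, a copy taken from an unsecured WLAN or a shared machine only works until the legitimate client next logs in, after which the replay is detected and all of that user's auto-login credentials are revoked.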