-2

Does anyone know how to securely store passwords in the text file. I have an local application on C# in VS with login window and I need to store user passwords. I know about hashing and encrypting, but the problem is that anyone can delete passwords file or change data in it. Is there any way to solve this problem? My attacker model is a user with administrator rights.

Thanks, everyone! I've solved the problem by running a service that keeps the file open, so you cannot edit or delete it unless you shutdown the service. It's not the best solution I think, but it's working.

AvEnGeR
  • 11
  • 3
  • encrypt them and store them in a database storing in a file is not very secure in my opinion.. – MethodMan Feb 29 '16 at 18:49
  • You can't.... You cannot control what a user will do with the files on their system. – Meirion Hughes Feb 29 '16 at 18:50
  • 2
    You can't trust data that an attacker can modify. What is your threat model? – SLaks Feb 29 '16 at 18:51
  • @MethodMan Where will you store the encryption key? – zaph Feb 29 '16 at 18:57
  • Elaborating on @SLaks define the attacker, their skill, motivation, how much effort and time they will spend. Define the value of that is being protected in monetary units ($$). Then come up with a work factor that meets you needs. Keep in mind that protecting against the device used can never be 100% secure. – zaph Feb 29 '16 at 19:00
  • we currently have a process and method that when a user creates a password and or changes it ..we store the pass word in sql server.. we have a method that will compare what the user types into the login and compares completely what was typed in case sensitive etc.. then if the user forgets the password and needs to have one reset.. we have a web service that handles all of that and sends them to a https location where they enter in particular information based on our corporate email .. I have also done something similar Password Hashing with SQL Server 2008 – MethodMan Feb 29 '16 at 19:01
  • 1
    It is a really bad idea to save passwords in a DB, at a minimum save them salted and hashed instead. – zaph Feb 29 '16 at 19:02
  • @AvEnGeR Is the application on a device (phone/tablet) or a server? – zaph Feb 29 '16 at 19:04

2 Answers2

0

Like others have said, it depends on your threat model. If the locally stored password will be used to validate ANYTHING, then it need's to be encrypted, and stored in an encrypted database/file.

Are you storing this password locally in order to SAVE the users password for a remote login?

Or are you storing this password to actually validate the users login data? (In general you don't want to do this, because as others have stated, you can't trust files on the users side.)

The best solution would be to use a remote server to store the password, and to also validate the login data.

However..

There is no one size fits all security model. It depends on your needs, the users needs, the type of service you are providing, and accordingly the level of security this application needs. (An MSN Chat account doesn't need the same security as a bank login.)

Your original question was how to prevent user editing of a local password file:

You need to encrypt the file when saving it. (also hash the stored password with sha256, using a salt)

Then in your application decrypt the password-file(in memory), then read the password hash from it to use in your application. In addition to this you could store the decryption key/salts for the file/password remotely. Your app needs internet access to fetch the key/salt, then decrypt the local file/password.

More Reading & Code References:

Encrypting Files in C-Sharp

Sha256 Hashing with Salt in C-Sharp

Using Remote SQL Databases in C-Sharp

Community
  • 1
  • 1
Jscix
  • 86
  • 1
  • 6
  • 1. Where would you save the encryption key for the encrypted file? This moves what is secret but does increase the work factor. 2. "you can't trust files on the users side" but you can't trust them on the server side either! At a minimum the server needs 2-factor authentication with good control over the second factor. – zaph Feb 29 '16 at 19:24
  • It depends on the security level of the application. For something very secure you should never store any password data locally. If the security isn't prioritized as much you can store the (encrypted password) as an (encrypted string.) in an (encrypted file.) With the (keys to decrypt the local file & password) stored as static strings inside the application. (Which is vulnerable to disassembly.) But hey, this app isn't a bank account, right? – Jscix Feb 29 '16 at 19:27
  • I agree with increasing the work factor. On some platforms disassembly can only be done by jailbraking the device, installing hacker tools, executing the app and examining the code in memory. – zaph Feb 29 '16 at 19:29
  • Feel free to suggest alternatives. I'm not a security professional. Just a programmer. :) – Jscix Feb 29 '16 at 19:31
  • I am not disagreeing. Security is all about incresing the work factor. Code embedded keys can be very hard to gain access to. – zaph Feb 29 '16 at 19:32
  • Ah. In addition you could also store the decryption string remotely for the local password & file. So they would need to gain access to a remote server in order to access them. Which is more difficult than disassembling software(in general). – Jscix Feb 29 '16 at 19:36
0

expanding zaph comment: use hashing.

Run the users password through a good hash function (SHA2) and store the hash.

When the use enters a password and you want to check it, run their input through the same hash function and see if you get the same hash.

THis is more secure since you are not storing something that can be converted back to the password and stolen

pm100
  • 48,078
  • 23
  • 82
  • 145
  • Almost, but don't use a hash function, use an HMAC or better yet PBKLDF2 or bcrypt. If you can keep the salt secret (or at least make it hard to get) it will be hard to an attacker to replace an entry in the file. – zaph Feb 29 '16 at 19:22