
I am creating a C# application (with .NET Framework 4.6.1), which needs to communicate with an SNMP agent over SNMPv3.

I found myself baffled by the question of how I should store the SNMP credentials. I obviously can't hash them, because they are needed as plaintext when I'm initializing the SNMP manager, and I also don't want to force the user to enter them every time the application starts, because that could happen a few times per day.

The application is to be deployed on several computers, on a closed network, so I can't access any cloud services.

I have come up with some techniques to do this, and can't figure out which is the best for my use case:

  1. Prompt the user for the credentials at installation, or at the first launch of the app, encrypt them using Microsoft's DPAPI, and decrypt them whenever needed for SNMP communications.
  2. Same as 1, but encrypt them using the user password (I have a login, and the login password is obviously hashed and salted).
  3. I have found this project on GitHub, which uses the Windows Credential Manager. Is this a valid option?

To me 2 seems like the most robust way, but then I run into several problems, because I can have many users in the system and I would have to do this for every user, and I am not sure it has any advantages from a security point of view.

The scenario I am supposed to face is one where I have an attacker inside the closed network, but if he has control over the machine running my app, it's game over, right? And if that is the case, why even bother with securing the passwords at all?

Any tips and enlightenment will be highly appreciated.

Thanks.

Meydanb
1 Answer

The only difference I see between 1 and 2 is that 2 assumes 1 encrypts the data unsafely (that is a false assumption; DPAPI encryption is good) and relies on the user password (which we do not know is safe). That is why I would discard option 2.

Now on to the big difference, which is DPAPI (options 1/2) vs. Credential Manager (option 3). Looking at the Security StackExchange post "How secure is the Windows Credential Manager?", I would choose DPAPI.

So my suggestion would be: go with option 1. My reasoning would be:

  • Credential Manager seems to be less safe than DPAPI.
  • Relying on the user password's strength is problematic because you do not know whether it is strong or not.

A minor drawback of Credential Manager (if you finally choose option 3 instead of option 1) would be that it stores the data in the user profile directory, and accidents happen: it could be deleted by accident.

Cleptus
  • Hey, thanks for the answer. I do not assume that DPAPI is not safe; I am assuming that if an attacker has code execution on the machine running the app, he could easily get the password. In the case of option 2, the attacker needs to know the user's password (the password the user uses to log in to my app). So I guess the answer I am looking for is whether I should go to the trouble of protecting the password from an attacker that has code execution on the computer running my app, or whether in that case I really have no way of protecting my password. – Meydanb Aug 10 '21 at 07:14
  • @Meydanb thanks for clarifying. The data in DPAPI is not in plain text. If an attacker has code execution on the machine running the app, you should not worry about an already safe API (which DPAPI is), but you should protect the weakest link (getting the memory sniffed and the password retrieved from your application). You should really focus on [SecureString with DPAPI](https://stackoverflow.com/questions/13600773/how-do-i-encrypt-a-securestring-using-dpapi-for-saving-to-disk-without-first-con). – Cleptus Aug 10 '21 at 07:24
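What option 1 looks like in practice, as an added example rather than code from the question, the answer, or the linked posts: the SNMPv3 secret is held in a SecureString, encrypted with DPAPI's ProtectedData under DataProtectionScope.CurrentUser (so only the same Windows account can decrypt the blob, not every process on the machine), bound to an optional-entropy value, and only converted to a managed string for the moment the SNMP library needs it. The file location, the AppEntropy value and the SnmpCredentialStore class name are assumptions for illustration; the sample password in Main is constructed. On .NET Framework 4.6.1 this needs a reference to the System.Security assembly.

```csharp
// Added example (not from the question or answer): SNMPv3 secret at rest via DPAPI.
// Assumptions: file path, entropy value and class name are illustrative only.
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

public static class SnmpCredentialStore
{
    // Optional entropy mixed into the DPAPI blob. It is not the key (DPAPI derives
    // that from the user's logon credentials); it only prevents another DPAPI
    // caller under the same account from decrypting the blob with a bare
    // Unprotect() call unless it also knows this value. Hypothetical constant.
    private static readonly byte[] AppEntropy =
        Encoding.UTF8.GetBytes("example-snmp-manager-v1");

    // Encrypt the secret for the current Windows user and write the blob to disk.
    // LocalMachine scope would let any process on the host decrypt it; avoid it here.
    public static void Save(string path, SecureString secret)
    {
        byte[] plain = SecureStringToUtf16(secret);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, AppEntropy,
                                                DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);   // wipe the plaintext copy
        }
    }

    // Decrypt the blob back into a read-only SecureString. ProtectedData.Unprotect
    // throws CryptographicException if a different user, different entropy, or a
    // tampered blob is used; let that propagate rather than falling back to prompts silently.
    public static SecureString Load(string path)
    {
        byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), AppEntropy,
                                               DataProtectionScope.CurrentUser);
        try
        {
            return Utf16ToSecureString(plain);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    // Expose the plaintext to the SNMP library only inside the callback, then free
    // the unmanaged copy. The managed string handed to the callback cannot be wiped.
    public static void UseSecret(SecureString secret, Action<string> consumer)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            consumer(Marshal.PtrToStringUni(ptr));
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    // Copy the SecureString's UTF-16 characters into a byte array we can wipe.
    private static byte[] SecureStringToUtf16(SecureString s)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(s);
            byte[] bytes = new byte[s.Length * 2];
            Marshal.Copy(ptr, bytes, 0, bytes.Length);
            return bytes;
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    // Rebuild a SecureString from little-endian UTF-16 bytes, one char at a time.
    private static SecureString Utf16ToSecureString(byte[] utf16)
    {
        var s = new SecureString();
        for (int i = 0; i + 1 < utf16.Length; i += 2)
            s.AppendChar((char)(utf16[i] | (utf16[i + 1] << 8)));
        s.MakeReadOnly();
        return s;
    }

    public static void Main()
    {
        // Hypothetical per-user location for the blob (roams with the profile).
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "snmp-manager");
        Directory.CreateDirectory(dir);
        string path = Path.Combine(dir, "authpass.bin");

        // Constructed sample secret; in the real app this comes from the first-launch prompt.
        var entered = new SecureString();
        foreach (char c in "correct horse battery staple") entered.AppendChar(c);
        entered.MakeReadOnly();

        Save(path, entered);
        SecureString loaded = Load(path);

        // Hand the plaintext to the SNMP library only here, e.g. to build the USM user.
        UseSecret(loaded, authPassphrase =>
            Console.WriteLine("Passphrase available for SNMPv3 setup, length " + authPassphrase.Length));
    }
}
```

The practical limit, which matches the comment thread above: DPAPI protects the secret at rest and from other accounts, and SecureString shortens the window in which a plaintext copy sits in process memory, but an attacker who already executes code as the same user can call ProtectedData.Unprotect themselves or read the plaintext at the moment it is passed to the SNMP library. The design keeps the blob useless to other users and to anyone who copies the file off the machine; it does not survive a compromise of the account that legitimately uses it.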