2

I'm creating a simple journal app. I want the user be able to set a custom start-up password.

But what is the best practice? Where do I securely store the password? And I guess it is best to store a hash of the password - how to do that?

Storing the password (or hash) in a easily readable XML file can't be the best option? One can then just open the XML file and delete the hash string, then when on app load there will be no password, right?

Best regards

user1281991
  • 763
  • 1
  • 12
  • 34
  • Why do you want a startup password? Password protecting the journal file sounds like a better idea. By password protecting the journal file, I mean encrypting it with a key that was derived from the password using PBKDF2. – CodesInChaos Mar 24 '12 at 10:47

2 Answers2

2

Let's approach this problem with desire to read your journal. Your ansatz about hashes isn't a bad one, but suppose you do define a startup password, and we store the hash to the password in some XML file. What's stopping me from disassembling your app (which is especially easy to do if we are considering C#, or any JIT-ed language for that matter) and just changing the password validation subroutine to always return true?

What you need is encryption of the actual journal / pages. See the answer to this SO question for a complete rutine that mangles your journal page so that it's safe to save in plaintext, and very hard to retrieve without the password.

You can now also optionally store the hash, and verify its validity for the user; since the actual password will still be needed to open each journal page.

EDIT

This SO answer is even better. Both versions utilize the RijndaelManaged class which is part of .NET framework for encryption and decryption.

Community
  • 1
  • 1
Gleno
  • 16,621
  • 12
  • 64
  • 85
0

Yes, hashing passwords is the best option. It really doesn't matter (in most cases) where you store the password as long as you give the user some way to retrieve it. For example, at startup, the user creates their journal, so a password for the user that they enter is created/hashed. You will also need to ask other information as well such mother's maiden name, first pet, etc. (something the user will know).

Even if someone deletes the hash, the journal is locked and you should not simply ask the user for a new one. User cannot get in unless they verify other information.

You also can use keys that the user can store safely somewhere else (like a file on a USB drive). You can even go further and encrypt the database itself.

Lots of ways to do this, but none full-proof.

Eddie Paz
  • 2,219
  • 16
  • 11