Re: Hidden Application Data
- From: rossum <rossum48@xxxxxxxxxxxx>
- Date: Sat, 22 Mar 2008 19:00:39 +0000
On Sat, 22 Mar 2008 11:28:42 -0700 (PDT), sternr <SternR@xxxxxxxxx>
wrote:
> Hey,
> I have a commercial application, that needs to store the user's id and
> password on the local machine, and we'd like to hide it from our users
> (to prevent frauds etc.).
> How can I store my application's data in a hidden way?
> And don't tell me the obvious solutions: hidden file, registry key
> etc. - isn't there a more reliable\hidden way?
> Thanks ahead
> --sternr

If you must keep things locally then do not store the
username/password but instead store a cryptographic hash of the
username/password. For extra security use some random salt as well.
For a new application you should use SHA-256 as the hash. For
cryptographic salt see
http://en.wikipedia.org/wiki/Salt_(cryptography).

When the user enters their username and password calculate:

    hash = SHA-256(username || password || salt)    (|| = concatenate)

Store the hash and random salt locally. When the user next enters
their password repeat the calculation and compare the hash values. If
there is a mismatch then do not allow the user access. Each user
should have their own different salt.

Cryptographic hashes are designed so that it is not possible to run
them backwards and deduce the original text from the hash value. The
salt is to make dictionary attacks more difficult.

rossum
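
The store-and-compare scheme described in the reply above, as an added Python example that is not part of the original post. The 16-byte salt, the length prefix on each field (so that "ab" + "c" and "a" + "bc" do not produce the same hash input) and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # assumed length; the post only says "random salt"


def _encode(field: bytes) -> bytes:
    # Length-prefix each field so that plain concatenation cannot make
    # ("ab", "c") and ("a", "bc") hash to the same value.
    return len(field).to_bytes(4, "big") + field


def compute_hash(username: str, password: str, salt: bytes) -> bytes:
    # hash = SHA-256(username || password || salt), as in the post
    data = (_encode(username.encode("utf-8"))
            + _encode(password.encode("utf-8"))
            + _encode(salt))
    return hashlib.sha256(data).digest()


def enroll(username: str, password: str) -> dict:
    # Each user gets their own random salt; only the salt and the hash
    # are stored locally, never the password itself.
    salt = os.urandom(SALT_BYTES)
    digest = compute_hash(username, password, salt)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(username: str, password: str, record: dict) -> bool:
    # Repeat the calculation with the stored salt and compare.
    salt = bytes.fromhex(record["salt"])
    candidate = compute_hash(username, password, salt)
    # Constant-time comparison does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    record = enroll("alice", "correct horse")
    print(record)
    print(verify("alice", "correct horse", record))
    print(verify("alice", "wrong guess", record))
```

A deliberately slow derivation such as `hashlib.pbkdf2_hmac` can replace the single SHA-256 call in `compute_hash` to make each dictionary guess more expensive; the stored record keeps the same shape.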