Re: accessing protected storage and/or crypto API

From: "Mark Yudkin" <myudkinATcompuserveDOTcom@xxxxxxxxxxxxxx>
Date: Tue, 25 Apr 2006 08:15:09 +0200

The simple answer is don't do it. The longer answer merely expands on the
shorter one by adding words like gross negligence. Use a smart card or some
other security technology. Reversible encryption of passwords is equivalent
to publishing the password for all to see.

If you absolutely must store credentials, use the LSA secrets area of the
registry. See the Platform SDK under Security - Management - Using
Maangement - Using LSA Policy - Storing Private Data. The documention is a
bit messay as it says to use LsaStorePriateData, but the reference thereto
says not to, but to use CryptProtectData instead.

Keith Brown's book on Programming Windows security has full explanations and
source code. I know of no VB6 sample code for this.

Finally, when your system gets broken into as somebody has discovered the
password, don't complain here.

"Andy Fish" <ajfish@xxxxxxxxxxxxxxxx> wrote in message
news:eCdsSy7ZGHA.4424@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

I am looking for a way to store usernames and passwords for my vb6
application.

From my searches in MSDN I have found the PStore COM APIs which seem to do
what I want, However, there are notices in the documentation saying I
should use the CryptProtectData etc APIs instead but these don't seem to
be anything like a direct replacement (as they don't cover actually
storing the data, only encrypting it), and also they look a lot more
complicated to use

also, I can't find any sample code in vb6 for either of these APIs

can anyone point me at any useful info on how to achieve this?

Andy

References:
- accessing protected storage and/or crypto API
  - From: Andy Fish

Prev by Date: Re: how to change Z-orders of Windows
Next by Date: Re: winxp hibernate
Previous by thread: Re: accessing protected storage and/or crypto API
Next by thread: Re: accessing protected storage and/or crypto API
Index(es):
- Date
- Thread

Relevant Pages

accessing protected storage and/or crypto API
... I am looking for a way to store usernames and passwords for my vb6 ... what I want, However, there are notices in the documentation saying I should ... I can't find any sample code in vb6 for either of these APIs ...
(microsoft.public.vb.winapi)
Re: Authenticating Users with Active Directory in Access?
... APIs are Application Programming Interfaces - sets of routines, ... what does the "apis" mean in your "active ... > directory apis" search parameter? ... >>> many passwords already, I seek code that I can use to ...
(microsoft.public.access.security)
Example Code To verify user name and password from table.
... Does anyone out there have some sample code that shows ho I could save usernames and passwords to a table and use the list to restrict access to certain forms in a database? ...
(microsoft.public.access.modulesdaovba)
Re: using md5 but want sha-1
... The corresponding class is called SHA1Managed - i would recommend moving to SHA256Managed if you can. ... Especially for passwords i would recommend using PasswordDeriveBytes or Rfc2898DeriveBytes. ... I was reading that md5 is not that secure and that sha-1 or whilpool or ripemd-160 were better solutions. ... Where can I find a sample code for that with sha-1. ...
(microsoft.public.dotnet.framework.aspnet.security)