Re: Encrypting passwords

From: "Eugene Gershnik" <gershnik@xxxxxxxxxxx>
Date: Tue, 23 Aug 2005 11:13:10 -0700

David Lowndes wrote:
>> I have an application where a user enters a password, which is to
>> be used the next time the user wants to invoke the application.
>> The password is to be encrypted before being stored in the
>> registry.
>
> If you only need to target Windows 2000 and later operating systems,
> you could use the DPAPI facilities which are really easy to use -
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp

If you need to target NT you can use
LsaStorePrivateData/LsaRetrievePrivateData also documented in MSDN.

>> I would just need simple XOR encryption/ decryption.

In that case why won't you just store the password in clear text? Assuming
you are going to use a fixed key, a XOR-ed password stored in the registry
can be broken in about 2 minutes.

--
Eugene
http://www.gershnik.com

.

Follow-Ups:
- Re: Encrypting passwords
  - From: Nikolaos D. Bougalis

References:
- Encrypting passwords
  - From: SD
- Re: Encrypting passwords
  - From: David Lowndes

Prev by Date: Re: And CAsyncSocket shows the same symptoms !
Next by Date: Re: FindFirstFile
Previous by thread: Re: Encrypting passwords
Next by thread: Re: Encrypting passwords
Index(es):
- Date
- Thread

Relevant Pages

Re: How to determine whether a volume supports short names?
... David Lowndes wrote: ... >> I can find numerous ways to check the long names support. ... > NtfsDisable8dot3NameCreation registry entry in ...
(microsoft.public.win32.programmer.kernel)
Re: File Association in Dialog-Based Application
... I just didn't have much info on making the required registry changes in a way that would be reliable long-term. ... Jonathan Wood ... "David Lowndes" wrote in message ... using AddDocTemplates(). ...
(microsoft.public.vc.mfc)