Secure software string encryption in windows?

N

Nikita2015-04-06 15:56:06

.NET

Nikita, 2015-04-06 15:56:06

Task: there is an open source program. In its ui, the user enters a password. The password must be saved to disk. encrypted. .net/C#
But the question is more conceptual - is there some way to securely encrypt the password (hashing is not suitable) so that a third-party program with the same rights and under the same user on the same computer could not decrypt it?
It is assumed that the method of generating a private key is known for open source. + There is no external server for communication.
PS: Are there any options other than the master password entered by the user before starting to work with the program? Maybe there is something like DPAPI, but bound to a process/executable file? Instead of to the user in system? Or is it possible to have a closed .dll option for the cryptography method + obfuscation here?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vitaly Pukhov, 2015-04-06
@Neuroware

use a token - an electronic key, everything else is easy to open if you have access to the source software

V

Vitaly Sergeev, 2015-04-06
@enkryptor

The task is not fully formulated. When and under what conditions should the program itself (and not the attacker) decrypt the password? And should it? Why hashing is not suitable?
Encryption involves creating a ciphertext based on the original string plus some key. The key may be asymmetrical, but it must be. It is by definition impossible to encrypt without a key.
Thus, first you need to decide what will be the carrier of this key - the aforementioned master password, or a data block received from the server, or a file stored separately, or a usb token, or the like. Then think about implementation.