Geek Answers Handbook

In-memory credential protection

I get the username and password and save it in the structure.

What can I do to prevent someone from browsing the memory for my process and seeing the username / password of the user?

My first idea was to encrypt the username and password in memory and zero when I finished with it. But then I would have to store the key somewhere in the memory, which could be restored.

Well, it’s very difficult to recover credentials, it’s still possible.

Is there a safer method than this?

+4
source share
3 answers

Take a look at the data protection API . It is used by Windows components as well as third-party software for such a scenario and mainly handles encryption and key management for you.

The keys are tied to the current user password, but you can specify "additional entropy", which is actually the source of operations for additional key material, which can, for example, be obtained from the password entered by the user to protect the credentials of the service.

As for “is there any method safer than this,” I think you need to determine exactly what level of threat you're trying to protect. For other (non-administrative) users on the same computer, DPAPI is probably fine, along with the things you already mentioned, as safely nullifying text. For malicious software running in the same login session, very little will help you.

+3
source

The simplest solution would be to scatter the password in memory. Do not store it as a string. Declare a set of byte variables and scatter the password among them. This does not make the password irrevocable, but it makes it difficult ... an attacker needs access to both the computer and your source (or to reconstruct your binary file) to find out how and where the password bits are stored.

If an attacker has access to your system and your source or to the ability to modify your binary, you will be as good as sending him passwords.

A more likely angle of attack in your scenario would be to capture the password during the transfer of the service, rather than trying to collect it from memory.

EDIT: If you want to significantly increase the complexity of password collection, you can also use dynamic memory allocation to prevent bits from a fixed location in memory. But to be honest, this is outwitting ... it would be just as easy for an attacker to catch a password when you pass it to the service.

+2
source

Hash a password with a good feature (e.g. SHA1 / 2) and keep a digest. If you want to check the password for the saved one, enter the hash and compare the result with the saved one.

The main property of a cryptographic hash function is that it is a one-way function: it is very difficult to calculate the inverse function. This is the reason these features are used in situations like yours.

0
source

More articles:


All Articles