|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Encrypted Data Storage ? HowTo ?Im trying to do a new app where i can store most of my passwords, basically
another "Password Keeper" style tool.... Question about this is what is the best way to store the data, as a plain XML or MDB is totally insecure im wondering what other choices i do have and how do i can implement them.. Forgot to mention that im using VB.net 2005... Thanks Why not look at Keith Brown's Password Minder program? He's a known
security expert and put a fair amount of effort into getting this right. He also publishes the source for the tool. http://www.pluralsight.com/tools.aspx Joe K. Show quoteHide quote "Microsoft" <creizl***@hotmail.com> wrote in message news:%23Zs4czkSGHA.1572@tk2msftngp13.phx.gbl... > Im trying to do a new app where i can store most of my passwords, > basically another "Password Keeper" style tool.... > Question about this is what is the best way to store the data, as a plain > XML or MDB is totally insecure im wondering what other choices i do have > and how do i can implement them.. > > Forgot to mention that im using VB.net 2005... > > Thanks > Hi,
The typical behaviour from a password is that you don't store them. Although some new fingertip and eye recognazion tools do that and are build for that like a key. And don't loose your key because than your house is open again. If it about the a password storage tool, than is a newsgroup not the best place how to do that. The method is than without sense because it is direct to search for in Google. There are many methods on MSDN, if I want to search for that, than I search for "Rijndael". In one of those I live. I hope this helps, Cor Show quoteHide quote "Microsoft" <creizl***@hotmail.com> schreef in bericht news:%23Zs4czkSGHA.1572@tk2msftngp13.phx.gbl... > Im trying to do a new app where i can store most of my passwords, > basically another "Password Keeper" style tool.... > Question about this is what is the best way to store the data, as a plain > XML or MDB is totally insecure im wondering what other choices i do have > and how do i can implement them.. > > Forgot to mention that im using VB.net 2005... > > Thanks > Hello!
You wrote on Sat, 18 Mar 2006 02:28:57 -0300: M> Question about this is what is the best way to store the data, as a M> plain XML or MDB is totally insecure im wondering what other choices i M> do have and how do i can implement them.. M> Forgot to mention that im using VB.net 2005... You can take a look at SolFS (http://www.eldos.com/solfs/), which is a virtual file system with built-in strong encyrption and compression. With best regards, Eugene Mayevski You might consider the credit card storage aproach
i.o.w. a one way hash ,,,, the validation data is encrypted with a one way hash algorythm ,,, so the creditcard number that a users entest is also put through this same algorythm and compared to the validation data .. Advantage ,,, No one knows the actuall data except the user , even the database administrator can`t retrieve his password as it is not known to him ( you could even extend this technique to a XML or "flat" file ) here is a verry nice article to give you some idea`s http://www.devx.com/dbzone/Article/26726/0 regards Michel Posseth [MCP] Show quoteHide quote "Microsoft" <creizl***@hotmail.com> schreef in bericht news:%23Zs4czkSGHA.1572@tk2msftngp13.phx.gbl... > Im trying to do a new app where i can store most of my passwords, > basically another "Password Keeper" style tool.... > Question about this is what is the best way to store the data, as a plain > XML or MDB is totally insecure im wondering what other choices i do have > and how do i can implement them.. > > Forgot to mention that im using VB.net 2005... > > Thanks > Michel Posseth [MCP] wrote:
Show quoteHide quote > You might consider the credit card storage aproach How is that going to help? Storing a hash of the passwords so that they > > i.o.w. a one way hash ,,,, the validation data is encrypted with a one way > hash algorythm ,,, so the creditcard number that a users entest is also put > through this same algorythm and compared to the validation data .. > > Advantage ,,, > > No one knows the actuall data except the user , even the database > administrator can`t retrieve his password as it is not known to him ( you > could even extend this technique to a XML or "flat" file ) > > here is a verry nice article to give you some idea`s > http://www.devx.com/dbzone/Article/26726/0 > > regards > > Michel Posseth [MCP] are not retrievable... when the whole point of his app will be to store passwords so he CAN retrieve them, at least that's how I read his question. He just needs a way to store them safely. -- Rinze van Huizen C-Services Holland b.v ouch .......
yes you are right,,, i was totally wrong understanding his intention ,,,,, ( i need to read more carefully before i answer :-) regards Michel Show quoteHide quote "C-Services Holland b.v." <c**@REMOVEcsh4u.nl> schreef in bericht news:dPWdnQvIoO4hOoPZRVnyuw@zeelandnet.nl... > Michel Posseth [MCP] wrote: >> You might consider the credit card storage aproach >> >> i.o.w. a one way hash ,,,, the validation data is encrypted with a one >> way hash algorythm ,,, so the creditcard number that a users entest is >> also put through this same algorythm and compared to the validation data >> .. >> >> Advantage ,,, >> >> No one knows the actuall data except the user , even the database >> administrator can`t retrieve his password as it is not known to him ( >> you could even extend this technique to a XML or "flat" file ) >> >> here is a verry nice article to give you some idea`s >> http://www.devx.com/dbzone/Article/26726/0 >> >> regards >> >> Michel Posseth [MCP] > > How is that going to help? Storing a hash of the passwords so that they > are not retrievable... when the whole point of his app will be to store > passwords so he CAN retrieve them, at least that's how I read his > question. He just needs a way to store them safely. > > -- > Rinze van Huizen > C-Services Holland b.v 
Other interesting topics
WebService Windows Authentication ASP.NET 2.0
Impersonate users and roles SslStream AuthenticateAsServer help Help please, security problem with NET Problems with AzMan interop and CLR 2 Ent. Library w/DB 2 registry access problem Fail mutual authentication from c# client to tomcat 4.1 web servic Extracting certificate from the smart card thru cryptoApi in c# How to use makecert.exe ? |
|||||||||||||||||||||||
