I want to encrypt the passwords used in my web application. In normally we will encrypt the passwords and save it to the property file and later we will decode it. But here if the source code is an open source then the attacker can find the decoding method in the source code and can get the password.
Another way is save the password into a key store file and then access it with the key store password. But again same problem is there, attacker can see the key store password.
Could anyone tell me any solution to this?
You could make the secret key an environment variable and then refer to it like that in code (python: os.environ('secretKey')), or (I'm assuming you're storing your code on github) you can store the secret key in a file and add that file to .gitignore
I am, as an exercise, writing an app that act as a password bank. It should fit within these parameters:
Leave no plaintext trace (ie never save un-encrypted user data);
Securely store full datasets for an undefined amount of UN/PW pairs;
2-factor as a bonus (dreamy feature).
Getting things encrypted is easy enough, but here's where it gets sticky:
should each account object be encrypted and stored in its own file or should they all be stored in one file ie: (facebook.whatever, google.whatever) or accounts.whatever.
Further, and probably more importantly, how would I access these encrypted datasets? The key should not be stored, but rather generated from a password, so... salt the password used to log into the app and hash it to be used as a key/seed prng for key? Or is there some better way to do this?
The problem I'm running into is this: the app should not dump wrongly decrypted data from a bad password, so there must be some way to check the password, but somehow that does not decrease the security of the system.
My script is going to use WMI to connect to remote systems and I was looking at this post on how to go about doing so. It looks like I may need to pass in the username and password.
I am executing my script on remote systems with a Java program that runs it and parses the STDIN output.
Is it safe to pass in a password as a variable?
From the Java side the password will be in a property file (or a different method -- I'm not yet sure the best way to go about that, but its a different story) and I'll pass it in when I call the script.
never ever send passwords in plain. Use always a one way hash algorithm like MD5 to encrypt the password entered by a user.
Further never save a password as plain text anywhere. Always store the hash and compare this with the hashed input of the user.
Some articles to start with VBScript:
Is there a method to encrypt passwords stored in a VBS
Encrypting/Hashing plain text passwords in database
http://www.edugeek.net/forums/coding/6951-masking-password-inputbox-vbscript.html
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/1d132da1-2014-4f34-87f5-d787e764995f/save-encrypted-password-in-vbscript
If you are worried about sending the password in plaintext via network for a WMI request:
This link says that if you have Kerberos authentication in use, password/username
cannot be intercepted on the network.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa393720(v=vs.85).aspx
Check if this helps you out.
If you are worried about saving the password on the machine (which you want use for a WMI request):
Encrypt it and store in some db/file, decrypt it whenever you want to send it across
And yes, you should use existing standard encryption mechanisms.
I am developing a console application. This application generates a self signed certificate and installs it in the current machine's certificate store.
The steps involved are :-
Generate a certificate
Create a pfx file
Install the pfx file
For these steps, I would need a password for protecting the private key and the pfx file.
However these passwords are used only during the execution of the exe.
Should I auto generate a password using some random number generation algorithm or accept the password as input from the user?
What are the security issues involved in both the scenarios?
Thanks for all the replies. Life time of the password is only till the pfx file gets generated. The program deletes the pfx file after installing it in the windows certificate store. In such a scenario I guess accepting password from user would not offer any security advantage over auto generating it.
I would like to add to this question further.
Once the password is available to the program how do u secure this password for its lifetime ? I am using .net and have read about secure strings in .net. But the secure string would have to be built from the string which doesn't solve the problem.
the code snippet looks like
string password = AutoGenerateOrGetPassword();
GenerateCertificateAndInstall(password);
How does one protect the password which is stored in memory during its lifetime ?
There shouldn't be any major security level difference or issues whether you auto generate or use a given password.
However, using an auto generated password will guarantee you a certain level of password complexity - this reduces to chances of brute force attack.
Using a given password would mean that someone (physically) knows the password. You won't know how complex the password user entered is going to be. Giving a password 'AAAA' will probably be less secure than a password that is given 'W0R!$%3D'.
Are you going to show the auto-generated password if it is done auto-generated manner?
I'd suggest that you go according to your software requirements. If this is not stated in the requirements, allow the user to choose between auto-generated or enter password.
I think a discussion "accepting passwords vs auto generating the password" is meanless in the context of your qestion if you make shure that the pfx-file is deleted after the import. It will only exist until beeing imported into "machine's certificate store."
If the pfx-file must be backed up or transferd via email/usbstick i prefer the "accepting passwords form user" variant because
Providing an inputform for the password plus implementing some logigic to make shure that the password ist strong enougn is easier than organizing that the user gets its pfx-file and the corresponding password via two independet channels. Sending pfx + password in one email is as secure as having no password at all.
I've found numerous posts on stackoverflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password from a text file and creates the header with payloads and submits via https.
This password in plain text on the file system is the issue. Is there any way to store the password more securely?
This is a linux os and the application is written in python and is not compiled.
Further clarification:
There are no users involved in this process at all. The password stored in the file system is used by the other web app to authenticate the web app that is making the request. To put it in the words of a commenter below:
"In this case, the application is the client to another remote application."
From the question it seems you need to store password in such a way, that it can be read and used in an automated transaction with another site. You could encrypt the password and store it encrypted in the file, then decrypt it using a key stored elsewhere in your system before using it. This makes difficulties to someone that gets access to the file from using the password, as they now have to find the key and encryption algorithm used, so they can decrypt it.
As defense, more lesser defense is always better than one strong defense that fails when breached. Moreover, I would also secure the file containing the password, rather than the password itself. Configure your webserver to disable possibility to serve the file containing the password, and try to set the process needing the file to run under a separate account, so you can restrict the access to the file to account running the process and admin accounts only.
I don't think you will find a foolproof way to do this. I would suggest a combination of things to achieve 'security by obscurity':
store the password file on a different computer than the one which will use it
store the file path in a separate config file on the app nachine
use permissions to limit access to the config and password files to your process only
audit file access if your system allows it (keep a log of who touched the files)
give the folders and files innocuous names (/usr/joe/kittens.txt?)
block physical access to the computer(s) (offsite hosting, or locked closet, or something)
You can use a two-way key encryption algorithms like RSA,
The password is stored encrypted (by a key, which is stored in the user's brain) on the filesystem, but to decode the password, the user must enter the key.
At the very least you should use permissions (if you are on a filesystem which supports them) to ensure that you are the only one able to read the file.
In addition, if your app is compiled, it would not be too difficult to encrypt the password with a hard-coded passphrase. If the code is not compiled this method wouldn't really be helpful, as a would-be attacker could just read the source and determine the encryption.
You can store it as a result of hash algorithm, this is one way algorithm (eg. MD5 or SHA). On authentication you calc MD5 of password typed by user and checking equality with your stored MD5 password hash for this user. If is equal password is ok.
For more information about hasing algorithms you can visit:
http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
http://en.wikipedia.org/wiki/MD5
Is your web application hosted on a farm? If not then a technology such as DPAPI will allow you to encrypt the password so that it can only be decrypted on the machine it was encrypted on.
From memory there can be problems with using it on a web farm though, as you need to go and re-encrypt the value for each server.
If it is a web farm then you probably want to use some form of RSA encryption as has been suggested in other answers.
EDIT: DPAPI is only good if you are hosting on windows of course...
Protecting the Automatic Logon Password
The LsaStorePrivateData function can be used by server applications to store client and machine passwords.
Windows only
I don't think you are understanding the answers provided. You don't ever store a plain-text password anywhere, nor do you transmit it to another device.
You wrote: Sorry, but the issue is storing a
password on the file system... This
password is needed to authenticate by
the other web app.
You can't count on file system protections to keep plain-text safe which is why others have responded that you need SHA or similar. If you think that a hashed password can't be sufficient for authentication, you don't understand the relevant algorithm:
get password P from user
store encrypted (e.g. salted hash)
password Q someplace relatively
secure
forget P (even clear the buffer you
used to read it)
send Q to remote host H
H gets password P' from user when
needed
H computes Q' from P', compares Q'
to Q for equality