3

I need to create a .NET application that will store some confidential information in the database (e.g. passwords and stuff). I could use symmetric encryption to encrypt these before I store them in the database, but if someone decompiles the source code, the symmetric password could be compromised.

Since this is going to be a service application, I cannot ask a user to provide the symmetric password. I also cannot use a password that is machine-related, as this data will be read from different computers.

What would be the best way to do this?

Update: Hashes do not work for this case... because someone needs to enter a valid password to validate it against the hash, and this is not the case. The information must reside in the database, but it will be retrieved by Windows service applications (no users here). There is no one to enter a password and validate it against a hash, so I need to retrieve the original password...

5
  • Passwords should be salted and hashed and the hashed stored. Commented Sep 24, 2009 at 12:04
  • Hashes do not work for this case... because someone needs to enter a valid password to validate it against the hash, and this is not the case. The information must reside in the database, but it will be retrieved by Windows service applications (no users here). There is no one to enter a password and validate it against a hash, so I need to retrieve the original password... Commented Sep 24, 2009 at 12:14
  • Why would there be any need to "use" the user's password? This seems a weird way to work with user accounts. Commented Sep 24, 2009 at 12:19
  • 5
    Anne, you are downvoting people because you didn't state your question right, the update wasn't there before the answers about hashes were given. That seems quite unfair. Commented Sep 24, 2009 at 12:21
  • You need to define your threat model before anyone can give useful answers. What threats are you trying to guard against? What threats are you not trying to guard against? Commented Sep 24, 2009 at 15:22

4 Answers

2

You could use database-level encryption (assuming SQL Server since you said .NET) and use encrypted connections to SQL Server. This takes care of protection of data while in storage and in transit to the application server.

This takes care of security without any special passwords -- it's based on being able to authenticate to the database server. Same as you would have to without encryption.


2 Comments

The service application still needs to store the database username and password. If she's worried about people decompiling the source of her app, she would probably be worried about people getting at the app config file with the stored connection string for the service as well.
At some point there have to be some credentials stored somewhere -- preferably not in the compiled code, but in a restricted config file. And network security can be employed to limit database connections to certain computers. However, there will always be a way for a hacker to get in. Remember, the cornerstone principle of security is that we can't secure anything -- only make it more costly to obtain than it's worth.
1

So you have an application that needs to encrypt/decrypt data, but doesn't require the users to enter passwords to use it? First off, that sounds like a security hole right there - a hacker doesn't need to get the key or a password - they just need to get the application.

In order to do this securely, without storing the key in your application code, you would have to have some kind of password that came from the user that you could use to encrypt/decrypt the "real key" that is used to encrypt and decrypt the actual data.

If you are using a service to access the data, and no password is entered, you could generate a unique string from the machine information and use that as a type of password to encrypt your key.

To do this on multiple machines, each machine would have its own "password" generated from the machine information. This password would be used to generate a key (unique to that machine) which would then be used to encrypt a shared key (which is used to encrypt the actual data). This information would be stored in the database in a simple table with two columns: MachineID and EncryptedSharedKey.

At startup, the service would examine the machine info, generate its password, use that to generate its key, and use that key to decrypt the shared key from the database table. It would then be able to use that shared key to encrypt/decrypt data.

When you set up a new machine with the service, you would have a separate program that would read the shared key from a text file, generate the machine key, create a row in the table with the machine id and encrypted shared key, then delete the program and text file with the un-encrypted shared key in it.

This would be reasonably secure against someone copying your program to another machine, but really just relies on obscurity. If someone figures out how you generate the machine key, and has access to one of the machines with the service on it, they could generate the machine key themselves using the info from the compromised machine.

Comments
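The per-machine key wrapping described in the answer above, as an added example that is not part of the original post. The answer names no algorithms, so PBKDF2 and AES-GCM are assumptions here, as are the `KeyWrap`, `Enroll` and `Unwrap` names, the row layout, and the constructed machine-info strings; it assumes .NET 8 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-in for the two-column table (MachineID, EncryptedSharedKey).
var table = new Dictionary<string, byte[]>();
// Setup program: enroll one machine with the shared data key.
byte[] sharedKey = RandomNumberGenerator.GetBytes(32);
KeyWrap.Enroll(table, "SVC-01", "constructed-machine-info-A", sharedKey);

// Service startup on the enrolled machine recovers the shared key.
byte[] recovered = KeyWrap.Unwrap(table, "SVC-01", "constructed-machine-info-A");
Console.WriteLine(CryptographicOperations.FixedTimeEquals(sharedKey, recovered));

// The same row read with another machine's info fails authentication.
try { KeyWrap.Unwrap(table, "SVC-01", "constructed-machine-info-B"); }
catch (CryptographicException) { Console.WriteLine("unwrap rejected"); }

static class KeyWrap
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16;

    // Machine key from machine info via PBKDF2 (algorithm choice is an assumption).
    static byte[] MachineKey(string info, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(info, salt, 200_000, HashAlgorithmName.SHA256, 32);

    public static void Enroll(Dictionary<string, byte[]> table, string id, string info, byte[] shared)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] ct = new byte[shared.Length], tag = new byte[TagLen];
        using var aes = new AesGcm(MachineKey(info, salt), TagLen);
        aes.Encrypt(nonce, shared, ct, tag, Encoding.UTF8.GetBytes(id)); // MachineID as AAD
        table[id] = salt.Concat(nonce).Concat(tag).Concat(ct).ToArray();
    }

    public static byte[] Unwrap(Dictionary<string, byte[]> table, string id, string info)
    {
        byte[] row = table[id];
        byte[] salt = row[..SaltLen], nonce = row[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = row[(SaltLen + NonceLen)..(SaltLen + NonceLen + TagLen)];
        byte[] ct = row[(SaltLen + NonceLen + TagLen)..], shared = new byte[ct.Length];
        using var aes = new AesGcm(MachineKey(info, salt), TagLen);
        aes.Decrypt(nonce, ct, tag, shared, Encoding.UTF8.GetBytes(id)); // throws on mismatch
        return shared;
    }
}
```

The wrap only stops a copied row or binary from working on a different machine; as the answer notes, anyone who can read the same machine information on an enrolled host can repeat the derivation.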

1

When hashing the passwords, the decompiled source code won't give your hackers any chance of breaking passwords.

1 Comment

Hash does not work for my case... because someone needs to enter a valid password to validate it against the hash, and this is not the case.
1

Store the password as a one-way hash. When a user enters a password for validation, hash their attempt the same way as the password and verify that the hash results match.

Here is an example in PHP, but the concept is the same regardless of language: How to store passwords in databases

Edit

You may want to look into encrypting at the database level. I'm assuming you're using SQL Server: http://msdn.microsoft.com/en-us/library/cc278098.aspx

Oracle has similar encryption techniques where the application using the table is unaware of the encryption. If you pair this with encrypted connections by your service to and from the database, you should accomplish what it seems like you're after.

1 Comment

Well... there are no users here and no one is entering passwords... the service application needs to retrieve information from time to time...
