Securely storing information

_Richard Faulkner

How do you store and HIDE information (such as passwords) so nobody can find/edit/delete/view them? Richard Faulkner Founder of GallantTechnologies

Colin Angus Mackay

_Richard Faulkner wrote:

How do you store and HIDE information (such as passwords) so nobody can find/edit/delete/view them?

I don't. If "nobody"* can find/edit/delete/view some piece of information neither can your program. By allowing your program access you must be open to the possibility that someone may be able to find/edit/delete/view the information. At this point your strategty must turn to minimising the risk of that happening. In order to do that you need to know what the information is? why it needs to be hidden? What are legitimate reasons to edit it? What are legitimate reasons to delete it? What are legitimate reasons to view (read) it? Information can be placed in many places: files, the registry, in a database, as an embedded resource in an assembly. Information can be hidden by many techniques: encryption, steganography (placing it in highly unusual places, e.g. IP packet headers, in a picture or audio stream) * Which is an empty set

---

Upcoming Scottish Developers events: * Glasgow: Tell us what you want to see in 2007 My: Website | Blog | Photos

Vasudevan Deepak Kumar

You can check out this article http://www.codeproject.com/cs/algorithms/StoringPasswords.asp[^]

Vasudevan Deepak Kumar Personal Homepage Tech Gossips

Duncan Edwards Jones

Never store a password - instead store the one-way encrypted version of the password and test any input against that. (RSA or SGK[^] is a good example)

'--8<------------------------ Ex Datis: Duncan Jones Merrion Computing Ltd