Protecting Password

Re: Protecting Password

On Tue, 15 May 2007 13:15:19 -0700, Jeff Williams
<jeff.williams_ NO_SPAM@hardsof t.com.auwrote:
I've got to say, this sounds like a really bad idea to me, especially if
you think you cannot trust the students with the actual username and
password. If you provide any mechanism for the student to elevate his
privileges, you open the computer to attack. The student himself may find
a way to hijack the privilege elevation, or it could just be that the
process itself allows for privilege elevation by some malware or something.

There should be *no* application that isn't specifically involved with
administrating the computer that requires Administrator rights. For the
badly written software out there that does insist on doing things that
only Administrators are allowed to do, there are other ways around that.
In XP, this generally involves changing permissions for specific system
resources, but my understanding is that in Vista the OS can virtualize
areas of the computer to allow an application without administrator rights
to still work, without actually making system-wide changes (the changes
wind up just local to the user running the application).

That said, I'll attempt to offer what little I do know (while continuing
to discourage you from doing what you want to do :) )...
You're talking about encrypting the data, so it seems to me you ought to
be able to store it wherever you like. In the user's user.config file,
for example.
If I recall, there's a whole crypto namespace in .NET you could use for
something like that, including being able to keep strings encrypted in
memory to make it harder to capture the data.
Well, IMHO one important thing to keep in mind is that if the user has
software capable of decrypting and using the data, and that software will
run within that user's privileges, then there will always be *some* way
for that user to get at the data. Now, perhaps you can make it so hard
for the user to do so that it's just not worth it to them, but you can't
prevent it altogether. #1 rule for computer security: anything you hand
over to the user is no longer secure, no matter what you do to it.

It's possible that you could set up some sort of service that deals only
in encrypted data, and which somehow uses encrypted data to provide the
necessary user token needed to elevate your privileges. But if you have
that, then I suspect it would be vulnerable to a man-in-the-middle attack
whereby your user emulates the system you've set up to obtain such a token
directly.

I'm no security expert, and there may be some approach that Vista and/or
built-in components for .NET provides that would allow you to save
privilege-elevation data in a way that allows the user to take advantage
of it, but only with applications you've approved. But even if you
accomplish that, you've still opened a security hole. IMHO, it's just
better to avoid the whole problem in the first place. Don't run software
that requires admin rights when it's not actually administrating the
computer, and/or address the issue through careful manipulation of the
security permissions for system resources rather than just granted blanket
admin privileges to the user (even if you think you can accomplish it in
what appears to be a limited way).

Pete

Re: Protecting Password

On Wed, 16 May 2007 06:15:19 +1000, Jeff Williams
<jeff.williams_ NO_SPAM@hardsof t.com.auwrote:
Others have talked about the dangers of this.
How often does the data change? You can either store it, encrypted,
in the application code if it does not change much and you are
prepared to recompile as needed. If it changes more often then keep
it on disk or equivalent.

How secure do you want it? Is this critical enough to store on a USB
Stick in a locked safe?
Again how secure do you want it? How much cryptographic expertise do
you expect the students to have? How motivated will they be to break
the encryption? For example, does the password allow them access to
exam questions before the exam? C# includes AES (=Rijndael) which is
very secure or System.Security .SecureString, which encrypts its
contents. For a much simpler and much easier to break encryption just
use XOR. Whatever encryption you use there is still the problem of
where you store the decryption key.
You must avoid having the password (or the key to decrypt the
password) in clear text in your source.

A simple example using XOR encryption:

static string ReadCodedPasswo rd() {
// Should be read from disk.
return "elephant";
}

static byte[] ReadDecryptionK ey() {
// Should be read from disk.
byte[] key = {0x16, 0x1D, 0x10, 0x19, 0x1A, 0x13, 0x0B, 0x18};
return key;
}

static string DecryptPassword (string cyphertext) {
byte[] key = ReadDecryptionK ey();
StringBuilder sb = new StringBuilder(c yphertext);
for (int i = 0; i < sb.Length; ++i) {
sb[i] = (char)(key[i] ^ sb[i]);
}
return sb.ToString();
}

static void Main() {
string codedPassword = ReadCodedPasswo rd();
Console.WriteLi ne("The secret password is: {0}",
DecryptPassword (codedPassword) );
}

No, the secret password is not "elephant". You will have to run it to
see.

rossum