Hashing isn't what you're looking for if you need to get the original
password back. What you'll need to look at is one of the
bidirectional encryption methods (symmetric or asymmetric). The issue
that exists with these methods is that they rely on the storage of a
"master" key that is used to encrypt and decrypt the password.

You'll want to look at the Cryptography namespace for encryption and
decryption of your user's information. Then how you store the master
key will be up to you, but some of the available options are: use DPAPI,
run your application under a specific identity then protect a file
containing your key using the Encrypted File System, or perhaps run your
application under an identity then use simple ACL protection on the file
(there are lots of other options that I'm sure you can find references
to). Just realize that storage of the key is likely to be the hardest
part of this and that at a certain point you are going to have to make a
choice between cost, robustness, security, and risk. Hope this helps.

Have A Better One!

John M Deal, MCP
Necessity Software

MVB wrote:
> The thing here is, there won't be any new password.
> The user will log in just once and I have to save all these credentials
> somewhere so that I can use the username and passwords later on during backing
> up different domains
>
> Thanks and Regards
>
>
>
> "Morten Wennevik" wrote:
>
>
>>Hi MVB,
>>
>>When checking for the correct password you don't unhash the original
>>password but rather hash the new one and compare the result. If the same,
>>the password should be correct.
>>
>>--
>>Happy Coding!
>>Morten Wennevik [C# MVP]
>>
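An added example, not part of the original thread or any poster's code: the DPAPI option mentioned above, used to save a username and password once and recover them later for the backup run. The `CredentialVault` class, the file name, the entropy string and the sample account are assumptions made for illustration; it is Windows-only and needs the System.Security assembly (.NET Framework) or the System.Security.Cryptography.ProtectedData package (.NET Core and later).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper. DPAPI derives the key from the Windows account the
// application runs under, so the application stores no master key itself.
static class CredentialVault
{
    // Optional entropy: mixed into the protection; Unprotect needs the same bytes.
    // Constructed sample value.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("backup-tool-v1");

    public static void Save(string path, string userName, string password)
    {
        // The user name must not contain '\n'; the password may.
        byte[] plain = Encoding.UTF8.GetBytes(userName + "\n" + password);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // wipe the plaintext buffer
    }

    public static bool TryLoad(string path, out string userName, out string password)
    {
        userName = password = null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
            string[] parts = Encoding.UTF8.GetString(plain).Split(new[] { '\n' }, 2);
            Array.Clear(plain, 0, plain.Length);
            if (parts.Length != 2) return false;
            userName = parts[0]; password = parts[1];
            return true;
        }
        catch (CryptographicException) { return false; } // other account, other entropy, or altered blob
        catch (IOException) { return false; }            // file missing or unreadable
    }
}

static class Program
{
    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "domain1.cred"); // constructed sample path
        CredentialVault.Save(path, @"DOMAIN1\backupsvc", "constructed-sample-password");
        string user, pass;
        Console.WriteLine(CredentialVault.TryLoad(path, out user, out pass) ? "loaded " + user : "cannot decrypt");
        File.Delete(path);
    }
}
```

With `DataProtectionScope.CurrentUser` the blob can only be decrypted under the same Windows account that saved it, so the backup job has to run under that identity.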