G
Guest
Let's take yet another step back: _why_ do you need the key constantly
Because it's a "password remember" feature for a windows app, to enable the
application to logon to SQL servers that don't use windows authentication, so
that the user of the PC doesn't have to constantly type in the password every
time he uses it.
It's nothing to do with sending an encrypted message down a wire and
decrypting it again at the other end, and I don't control the part of the
software that decides whether or not the password is valid, it must be
enclosed in the connection string.
To log on to SQL server
The connection string
Only the person that stored it (the application stores it when they type it
in for the first time)
Again, please take on board that I don't have control of the part of the
software that decides whether the password is valid. That is SQL server.
Here goes again, then:
Someone being able to produce a "crack program" that enables the layman to
find out his colleague's SQL server password by running the "crack program"
on his computer when he's not looking, the crack program working by reading
my application's registry key.
I think CryptProtectData will enable me to do this.
persisted in software on the client?
Because it's a "password remember" feature for a windows app, to enable the
application to logon to SQL servers that don't use windows authentication, so
that the user of the PC doesn't have to constantly type in the password every
time he uses it.
It's nothing to do with sending an encrypted message down a wire and
decrypting it again at the other end, and I don't control the part of the
software that decides whether or not the password is valid, it must be
enclosed in the connection string.
What do you need this key for
To log on to SQL server
, what
data are you trying to protect
The connection string
, who needs access to this data
Only the person that stored it (the application stores it when they type it
in for the first time)
, how do
you plan to know she is the right person to have access to said data?
Again, please take on board that I don't have control of the part of the
software that decides whether the password is valid. That is SQL server.
What threats do you envision and are trying to protect against?
Here goes again, then:
Someone being able to produce a "crack program" that enables the layman to
find out his colleague's SQL server password by running the "crack program"
on his computer when he's not looking, the crack program working by reading
my application's registry key.
I highly recommend "Writing Secure Code" by Michael Howard et al [1]. It
has a chapter on storing secrets securely on Windows machine. All of
them essentially boil down to trusting Windows authentication: if the
person managed to log into her Windows account, you assume that she is
indeed who she says she is.
I think CryptProtectData will enable me to do this.
[1] http://www.amazon.com/exec/obidos/tg/detail/-/0735617228
--
With best wishes,
Igor Tandetnik
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925