storing the username and password information

G

Guest

I am developing a backup application.
I have a provision where users from different domain can login and then do
backups.
My question is ,once they login I need to store the info,i.e their username
and password should be stored securely somewhere,so that whenever next time
the backup runs it uses these stored credential to authenticate.
I was thinking of using a xml file to store the iformation and do hashing to
the password.
But how do i retrieve the password back after hashing?? so that my backup
application can use it again to authenticate?
Is there any other way to do this?
Thanks and regards
 
M

Morten Wennevik

Hi MVB,

When checking for the correct password you don't unhash the original
password but rather hash the new one and compare the result. If the same,
the password should be correct.
 
G

Guest

The thing here is ,there won't be any new password.
The user will login just once and I have to save all these crendentials
somwhere so that I can use the username and passwords lateron during backing
up different domains

Thanks and Regards
 
J

John M Deal

Hashing isn't what you're looking for if you need to get the original
password back. What you'll need to look at are the one of the
bidirectional encryption methods (symmetric or asymmetric). The issue
that exists with these methods is that they rely on the storage of a
"master" key that is used to encrypt and decrypt the password.

You'll want to look at the Cryptography namespace for encryption and
decryption of your user's information. Then how you store the master
key will be up to you, but some of the available options are: use DPAPI,
run your application under a specific identity then protect a file
containing your key using the Encrypted File System, or perhaps run your
application under an identity then use simple ACL protection on the file
(there are lots of other options that I'm sure you can find references
to). Just realize that storage of the key is likely to be the hardest
part of this and that at a certain point you are going to have to make a
choice between cost, robustness, security, and risk. Hope this helps.

Have A Better One!

John M Deal, MCP
Necessity Software
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Storing username and password 2
Reset password from USB boot 4
Identifying UserName and password used 3
SHA1 Hashing on different machines 2
Issue in passing username and password credentials 1
Entity Framework Return Value from Stored Procedure - Getting Error 1
How to get username/password info of a windows service user accoun 2
Username and password login. 10

Top