3
votes

I am doing an AES encryption in my C# code, using a key which is generated using PasswordDerivedKey function by passing a password and a salt of 12 byte. I have implemented the logic in my application code and the "password" is the username of the logged in user and the salt is a static byte aray.

What is the best way of storing the password and the salt, as someone can easliy determine the salt (by reflecting my code) and the username of a person.

What are the alternatives I can adopt to store the password and the salt in a secure way. I dont think storing them in my application code is the best way of doing it.

Edit: By password, i meant the passkey used in the PBKDF function (to derive an encryption key) and its not the password provided by the user. I am using Windows Authentication

4

4 Answers

3
votes

Why would you need to store password if it is merely an encrypted version of the windows username?

Anytime you need to encrypt/decrypt you know name of user thus can generate key dynamically.

Salt should never be considered a secure asset. No need to hide it. You should always assume attacker knows the salt. Salt is simply a mechanism to defeat rainbow tables and other fast lookups.

Is there something I am not seeing?

On Edit The issue is misstated in the question. The issue isn't what/how should be stored. That answer is simple. Never store any of the cryptographic data (except salt).

The current implementation creates an encryption key from the username of logged in user. The problem is that is insecure as determining username is rather easy. To get around this one would need to either:

a) accept the implementation is insecure to someone willing to decompile app.

b) ... not a good idea ... hash can change based on groups/roles

c) use a unique secret password for each user.

c is the only secure implementation however it requires prompting the user for a passphrase when encrypting or decrypting.

2
votes

Against whom must be the data be secure? If the currently logged in user is allowed access to the data, but other Windows Authentication users are not allowed access, what you really want is for the data to be encrypted for the particular logged in user. If you have access rights to configure the PC, you might be able to create an Encrypted folder with permissions only for the desired user. This is not 100% secure (you can still intercept the data at various places if you have root access), but your only other reasonable alternative is to add another password.

Alternately, you can simply accept that the protection is weak and provide minimal obfuscation. It depends on the value of the data and the capabilities of your possible attackers. If your attackers have sufficient privileges to Reflect over your assembly on the actual machine, then it's highly likely that they're also Administrator, which means you're pretty much screwed no matter what you do. There are tools that can connect to a running process and monitor its memory, which means they could simply wait until you've decrypted the data and read it from memory.

1
votes

Best way to keep the salt is to generate it on runtime and keep it per session along with other user stuff such as username and password:

  • use signs in and provide username/password
  • hash with stored salt and check against password hash
  • create new salt and store it along with the hash

Symmetric encryption (or even asymmetric) is not at all recommended for passwords. You not to hash it which is just one-way.

1
votes

I added this as an second answer because it is a different solution. I just thought of it tonight because I am working with this class (trying to reverse engineer kindle encryption).

You may want to look into the Protected Data Class

http://msdn.microsoft.com/en-us/library/2c64xe0y(v=VS.90).aspx

This is a class that allows you to store data in the windows cryptographic store.

By using the Protect and Unprotect function you can pass data into and pull data from the cryptographic store.

If you didn't want to force the user to create (and remember) an encryption key you could.

1) Check to see if current user has encryption key in the store.

1a) If not then create a random encryption key

2) Use key to encrypt file and store

3) To decrypt retrieve key from store.

4) Another user may be able to access the file but will be unable to get a copy of the key from the store.

A couple caveats. Only the windows user who stored the key can retreive the key. However this can be bypassed depending on environment. If the user has no windows password (or weak windows password) anyone w/ access to machine can run as the user and windows will gladly hand over the key. In a domain environment anyone (admin) who can impersonate the user and modify password can access they key. If user's windows profile is trashed so is the only copy of your encryption key.