How to store passwords in Winforms application?

Accepted answer
Score: 26

The sanctified method is to use CryptoAPI and the Data Protection APIs.

To encrypt, use something like this (C++):

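// Needs <windows.h>, <wincrypt.h>, <stdexcept>; link with Crypt32.lib
DATA_BLOB blobIn, blobOut;
blobIn.pbData=(BYTE*)data;
blobIn.cbData=(DWORD)(wcslen(data)*sizeof(WCHAR));   // length in bytes, terminating null not included

// CRYPTPROTECT_LOCAL_MACHINE: any user on this machine can decrypt the blob
if (!CryptProtectData(&blobIn, description, NULL, NULL, NULL, CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN, &blobOut))
    throw std::runtime_error("CryptProtectData failed");
_encrypted=blobOut.pbData;   // allocated by the API; release with LocalFree() when done
_length=blobOut.cbData;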

Decryption is the opposite:

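DATA_BLOB blobIn, blobOut;
blobIn.pbData=const_cast<BYTE*>(data);
blobIn.cbData=length;

// Fails if the blob was altered or protected under a different user/machine
if (!CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blobOut))
    throw std::runtime_error("CryptUnprotectData failed");

std::wstring _decrypted;
_decrypted.assign((LPCWSTR)blobOut.pbData,(LPCWSTR)blobOut.pbData+blobOut.cbData/sizeof(WCHAR));
SecureZeroMemory(blobOut.pbData, blobOut.cbData);   // wipe the API's plaintext buffer
LocalFree(blobOut.pbData);                          // output buffer is allocated by the API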

If you don't specify CRYPTPROTECT_LOCAL_MACHINE then the encrypted password can be securely stored in the registry or config file and only you can decrypt it. If you specify LOCAL_MACHINE, then anyone with access to the machine can get it.

Score: 13

As mentioned, the Data Protection API is a good way to do this. Note that if you're using .NET 2.0 or greater, you don't need to use P/Invoke to invoke the DPAPI. The framework wraps the calls with the System.Security.Cryptography.ProtectedData class.
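
An added example, not part of the original answers: the same protect/unprotect round trip through the ProtectedData class named above, using the current-user scope so that other accounts on the machine cannot decrypt the file. The class name, entropy string and file location are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class PasswordStore
{
    // Hypothetical optional entropy: must be supplied again to Unprotect.
    // A constant compiled into the binary only raises the bar slightly.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyWinFormsApp.PasswordStore.v1");

    public static void Save(string path, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            // CurrentUser: only this Windows account can decrypt.
            // LocalMachine would let any account on the machine decrypt.
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length); // do not leave plaintext bytes behind
        }
    }

    // Returns null when the blob is damaged or was protected by another account.
    public static string Load(string path)
    {
        try
        {
            byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
            try { return Encoding.UTF8.GetString(plain); }
            finally { Array.Clear(plain, 0, plain.Length); }
        }
        catch (CryptographicException)
        {
            return null;
        }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "demo-password.bin"); // constructed sample location
        Save(path, "constructed-sample-password");
        Console.WriteLine(Load(path) == "constructed-sample-password" ? "round trip ok" : "round trip failed");
        File.Delete(path);
    }
}
```

On .NET Framework this needs a reference to System.Security.dll; on .NET Core and later the class ships in the System.Security.Cryptography.ProtectedData package and works on Windows only.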

Score: 4

I found this book by Keith Brown, The .NET Developer's Guide to Windows Security. It has some good samples covering all kinds of security scenarios. Free online version is also available.

Score: 2

If you store it as a secure string and save the secure string to a file (possibly using Isolated Storage), the only time you will have a plain text password is when you decrypt it to create your mbstore. Unfortunately, the constructor does not take a SecureString or a Credential object.
