468,103 Members | 1,393 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,103 developers. It's quick & easy.

Protecting Password

I am developing an application which will allow users (students) to run
applications on PC's with elevated rights. This is necessary for some
applications which require Administrator rights on the PC.

I now need to store the local administrator username and password
somewhere where my application can read this from.

I am looking for comments on

1. Recommend place to store this data
2. How to encrypt the username and password
3. Given that c# can re easily decompiled and read the encryption could
be obtained so what protection could be given if any. No I dont want to
use a third party app that encodes the C# exe or dll.

Looking forward to comments.

Regards
Jeff
May 16 '07 #1
2 2269
On Tue, 15 May 2007 13:15:19 -0700, Jeff Williams
<je*******************@hardsoft.com.auwrote:
I am developing an application which will allow users (students) to run
applications on PC's with elevated rights. This is necessary for some
applications which require Administrator rights on the PC.
I've got to say, this sounds like a really bad idea to me, especially if
you think you cannot trust the students with the actual username and
password. If you provide any mechanism for the student to elevate his
privileges, you open the computer to attack. The student himself may find
a way to hijack the privilege elevation, or it could just be that the
process itself allows for privilege elevation by some malware or something.

There should be *no* application that isn't specifically involved with
administrating the computer that requires Administrator rights. For the
badly written software out there that does insist on doing things that
only Administrators are allowed to do, there are other ways around that.
In XP, this generally involves changing permissions for specific system
resources, but my understanding is that in Vista the OS can virtualize
areas of the computer to allow an application without administrator rights
to still work, without actually making system-wide changes (the changes
wind up just local to the user running the application).

That said, I'll attempt to offer what little I do know (while continuing
to discourage you from doing what you want to do :) )...
I now need to store the local administrator username and password
somewhere where my application can read this from.

I am looking for comments on

1. Recommend place to store this data
You're talking about encrypting the data, so it seems to me you ought to
be able to store it wherever you like. In the user's user.config file,
for example.
2. How to encrypt the username and password
If I recall, there's a whole crypto namespace in .NET you could use for
something like that, including being able to keep strings encrypted in
memory to make it harder to capture the data.
3. Given that c# can re easily decompiled and read the encryption could
be obtained so what protection could be given if any. No I dont want to
use a third party app that encodes the C# exe or dll.
Well, IMHO one important thing to keep in mind is that if the user has
software capable of decrypting and using the data, and that software will
run within that user's privileges, then there will always be *some* way
for that user to get at the data. Now, perhaps you can make it so hard
for the user to do so that it's just not worth it to them, but you can't
prevent it altogether. #1 rule for computer security: anything you hand
over to the user is no longer secure, no matter what you do to it.

It's possible that you could set up some sort of service that deals only
in encrypted data, and which somehow uses encrypted data to provide the
necessary user token needed to elevate your privileges. But if you have
that, then I suspect it would be vulnerable to a man-in-the-middle attack
whereby your user emulates the system you've set up to obtain such a token
directly.

I'm no security expert, and there may be some approach that Vista and/or
built-in components for .NET provides that would allow you to save
privilege-elevation data in a way that allows the user to take advantage
of it, but only with applications you've approved. But even if you
accomplish that, you've still opened a security hole. IMHO, it's just
better to avoid the whole problem in the first place. Don't run software
that requires admin rights when it's not actually administrating the
computer, and/or address the issue through careful manipulation of the
security permissions for system resources rather than just granted blanket
admin privileges to the user (even if you think you can accomplish it in
what appears to be a limited way).

Pete
May 16 '07 #2
On Wed, 16 May 2007 06:15:19 +1000, Jeff Williams
<je*******************@hardsoft.com.auwrote:
>I am developing an application which will allow users (students) to run
applications on PC's with elevated rights. This is necessary for some
applications which require Administrator rights on the PC.
Others have talked about the dangers of this.
>
I now need to store the local administrator username and password
somewhere where my application can read this from.

I am looking for comments on

1. Recommend place to store this data
How often does the data change? You can either store it, encrypted,
in the application code if it does not change much and you are
prepared to recompile as needed. If it changes more often then keep
it on disk or equivalent.

How secure do you want it? Is this critical enough to store on a USB
Stick in a locked safe?
>2. How to encrypt the username and password
Again how secure do you want it? How much cryptographic expertise do
you expect the students to have? How motivated will they be to break
the encryption? For example, does the password allow them access to
exam questions before the exam? C# includes AES (=Rijndael) which is
very secure or System.Security.SecureString, which encrypts its
contents. For a much simpler and much easier to break encryption just
use XOR. Whatever encryption you use there is still the problem of
where you store the decryption key.
>3. Given that c# can re easily decompiled and read the encryption could
be obtained so what protection could be given if any. No I dont want to
use a third party app that encodes the C# exe or dll.
You must avoid having the password (or the key to decrypt the
password) in clear text in your source.

A simple example using XOR encryption:

static string ReadCodedPassword() {
// Should be read from disk.
return "elephant";
}

static byte[] ReadDecryptionKey() {
// Should be read from disk.
byte[] key = {0x16, 0x1D, 0x10, 0x19, 0x1A, 0x13, 0x0B, 0x18};
return key;
}

static string DecryptPassword(string cyphertext) {
byte[] key = ReadDecryptionKey();
StringBuilder sb = new StringBuilder(cyphertext);
for (int i = 0; i < sb.Length; ++i) {
sb[i] = (char)(key[i] ^ sb[i]);
}
return sb.ToString();
}

static void Main() {
string codedPassword = ReadCodedPassword();
Console.WriteLine("The secret password is: {0}",
DecryptPassword(codedPassword));
}

No, the secret password is not "elephant". You will have to run it to
see.

rossum
>
Looking forward to comments.

Regards
Jeff
May 16 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by M.C. Radhakrishnan | last post: by
3 posts views Thread by Robizzle | last post: by
8 posts views Thread by Iain Napier | last post: by
21 posts views Thread by solomon_13000 | last post: by
1 post views Thread by darrel | last post: by
1 post views Thread by Solo | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.