Securing data?

Printable View

07-24-2009
canpakes

Securing data?

Okay, so I'm fairly new to c++ programming. For practice, I wanted to create a program to store my data (like passwords and such) but I'm not sure how to go about making that data secure..

Obviously the program itself will prompt the user for a password at the start. If I store the data in a text file, then someone could easily just open it and read it. If I store the information in variables, how will I add new information while the program runs, rather than editing the source code?

I'm just gonna go out on a limb here and assume this is a very dumb question so thanks in advance for your patience ;)
07-24-2009
bithub

Well security is a pretty advanced topic, but there are some things you can do to get some light, simple security.

For instance, instead of storing a password in a file, store a hash of the password in the file. Then when the user enters in a password, your application will hash that password, then check to see if the hash matches the one stored in the file. This way a user cannot just open the file to read the password.

The problem with that is that a dedicated abuser could read your hash from the file, then generate a password that matches the same hash.
07-24-2009
Cactus_Hugger

Quote:

Originally Posted by bithub

Well security is a pretty advanced topic, but there are some things you can do to get some light, simple security.

For instance, instead of storing a password in a file, store a hash of the password in the file. Then when the user enters in a password, your application will hash that password, then check to see if the hash matches the one stored in the file. This way a user cannot just open the file to read the password.

The problem with that is that a dedicated abuser could read your hash from the file, then generate a password that matches the same hash.

I read the OP's post as he was making a program to store passwords of other programs. Since you generally aren't in control of the behavior of the other programs, hashing the passwords makes them useless. (Since you can't enter the hash...)

If this is the case, you would just store the passwords, and encrypt the file containing them. The encryption key is the 'master' password, or some derivative thereof.