I am attempting to write a program with which you can log in to a remote website. For people who have multiple accounts, I try to make it easy for them and store the account data in IsolatedStorage.
At the current state of my code, the password is just entered in a TextBox and, as soon as it is stored, converted to an MD5 hash.
Now I'd like to refactor this into proper code, but I got stuck.
A PasswordBox exposes its data through PasswordBox.SecureString and PasswordBox.Password.
So when clicking my save button I'd perform something like:
public void OnClick(object sender, RoutedEventArgs e)
{
    // plain-text copy of the password as a managed string
    var password = passwordBox.Password;
    // store it somehow (e.g. custom MD5 encryption)

    // the WPF property is actually named SecurePassword and returns a SecureString
    var savePassword = passwordBox.SecurePassword;
    // store this string somehow, but how?
}
Here are my questions:
… PasswordBox into var password, is there something visible in memory? Would some hacker be able to make this plain value visible through reflection/debugging? Which code makes these strings actually visible? And what do I need to be aware of?
… SecureString of the PasswordBox?
I'm a bit overwhelmed by all this stuff and I can't figure out the essence of how to handle passwords in an application properly yet.
I'm not pleading for a whole solution and running code. I'd just be glad if someone can get me started. Also, I don't want an enterprise solution. I'm just searching for one which is easy to implement and as safe as possible for the effort I put in.
Do you really need the password to be reversible?
A safer way to store it is to salt and hash it.
User: JOHN
Password: (starts out as) myUserPassword667!
Then use some sort of database-unique code against the user in the DB. Let's say a GUID.
Now you have abcd-1234-12-1212121ab as the uniquifier for JOHN, so you now have a base password (before hashing):
myUserPassword667!abcd-1234-12-1212121ab
You can now hash this with one of the SHA or other hashing algorithms in the System.Security namespace.
Now you internally have some salt that you apply to your hashing algorithm (part of your code only):
MySecretSaltWords559BC
Then store the result as either Base64 or binary in your DB:
Ab09l\311sas==
(simplified)
Next time the user logs on, you find their record in the DB, get the unique code that was used when you generated the account, and attach it to the password they entered.
Hash the entered password with the same technique and binary-compare the result; then you never need to store their password. If the hashes don't match, you don't have the same password.
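The scheme in this answer as working C#, given here as an added example that is not code from the original question or answer: a per-user GUID uniquifier and an application-side pepper are appended to the entered password, the result is hashed with SHA-256 from System.Security.Cryptography and stored as Base64, and a login is verified by recomputing the hash and comparing it in constant time. The class and member names (PasswordStore, AppPepper, CreateRecord, Verify) and the pepper value are assumptions for this example; it targets .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original post): the answer's salt-and-hash
// scheme. Only the GUID uniquifier and the Base64 digest are stored per user.
public static class PasswordStore
{
    // Application-side pepper that lives only in the code, as the answer
    // suggests. Constructed value for this example; do not reuse it.
    private const string AppPepper = "MySecretSaltWords559BC";

    // Computes Base64(SHA256(password + uniquifier + pepper)).
    public static string Hash(string password, string uniquifier)
    {
        byte[] input = Encoding.UTF8.GetBytes(password + uniquifier + AppPepper);
        byte[] digest = SHA256.HashData(input);
        return Convert.ToBase64String(digest);
    }

    // Creates the record for a new account: a fresh GUID plus the hash.
    // Both values go into the DB (or IsolatedStorage); the password does not.
    public static (string Uniquifier, string HashBase64) CreateRecord(string password)
    {
        string uniquifier = Guid.NewGuid().ToString();
        return (uniquifier, Hash(password, uniquifier));
    }

    // Verifies a login attempt against a stored record. FixedTimeEquals is
    // used instead of string equality so the comparison time does not reveal
    // how many leading bytes of the digest matched.
    public static bool Verify(string enteredPassword, string uniquifier, string storedHashBase64)
    {
        byte[] stored = Convert.FromBase64String(storedHashBase64);
        byte[] candidate = Convert.FromBase64String(Hash(enteredPassword, uniquifier));
        return CryptographicOperations.FixedTimeEquals(candidate, stored);
    }

    public static void Main()
    {
        // Constructed sample input matching the answer's walkthrough.
        var record = CreateRecord("myUserPassword667!");
        Console.WriteLine($"stored record: {record.Uniquifier} {record.HashBase64}");
        Console.WriteLine(Verify("myUserPassword667!", record.Uniquifier, record.HashBase64));
        Console.WriteLine(Verify("wrongPassword", record.Uniquifier, record.HashBase64));
    }
}
```

Store only Uniquifier and HashBase64; the pepper stays in the application code, so a copied database alone is not enough to run a dictionary attack. For a real application the same structure holds with a deliberately slow password hash (for example Rfc2898DeriveBytes.Pbkdf2 in .NET 6 and later) in place of the single SHA-256 pass, which makes brute force against a leaked store far more expensive than one fast digest per guess.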