Tags: c#, visual-studio, security, password-protection

Integrity of the application password


Does anyone know how to securely store passwords in a text file? I have a local application written in C# in VS with a login window, and I need to store user passwords. I know about hashing and encrypting, but the problem is that anyone can delete the password file or change the data in it. Is there any way to solve this problem? My attacker model is a user with administrator rights.

Thanks, everyone! I've solved the problem by running a service that keeps the file open, so you cannot edit or delete it unless you shut down the service. It's not the best solution, I think, but it's working.


Solution

  • Like others have said, it depends on your threat model. If the locally stored password will be used to validate ANYTHING, then it needs to be encrypted and stored in an encrypted database/file.

    Are you storing this password locally in order to SAVE the user's password for a remote login?

    Or are you storing this password to actually validate the user's login data? (In general you don't want to do this, because as others have stated, you can't trust files on the user's side.)

    The best solution would be to use a remote server to store the password, and to also validate the login data.

    However...

    There is no one-size-fits-all security model. It depends on your needs, the user's needs, the type of service you are providing, and accordingly the level of security this application needs. (An MSN Chat account doesn't need the same security as a bank login.)

    Your original question was how to prevent user editing of a local password file:

    You need to encrypt the file when saving it. (Also hash the stored password with SHA-256, using a salt.)

    Then in your application decrypt the password file (in memory), then read the password hash from it to use in your application. In addition to this you could store the decryption key/salts for the file/password remotely. Your app needs internet access to fetch the key/salt, then decrypt the local file/password.

    More Reading & Code References:

    Encrypting Files in C-Sharp

    Sha256 Hashing with Salt in C-Sharp

    Using Remote SQL Databases in C-Sharp
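The scheme the answer describes, as an added example that is not part of the question or the answer: each password is stored as a salted SHA-256 hash, the records are written to a file encrypted with an authenticated cipher (AES-256-GCM), and the file is decrypted in memory on load. Because AES-GCM authenticates the ciphertext, any byte an administrator changes in the file makes decryption fail, which is the tamper check the question asks for; it does not stop the file from being deleted, and a local administrator who can read the process memory can recover the key, so the key here is a hypothetical in-memory value standing in for the remotely fetched key the answer recommends. The code targets .NET 8 or later and uses only System.Security.Cryptography.

```csharp
#nullable enable
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example, not the original poster's code. Demonstrates salted SHA-256
// password hashing plus an AES-GCM encrypted, tamper-evident password file.
public static class PasswordStore
{
    private const int SaltSize = 16;
    private const int NonceSize = 12; // standard AES-GCM nonce length
    private const int TagSize = 16;   // AES-GCM authentication tag length

    // Hash a password with a fresh random salt; returns "base64(salt):base64(hash)".
    public static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = SaltedSha256(password, salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
    }

    // Re-hash the candidate with the stored salt and compare in constant time.
    public static bool VerifyPassword(string password, string record)
    {
        string[] parts = record.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = SaltedSha256(password, salt);
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    private static byte[] SaltedSha256(string password, byte[] salt)
    {
        byte[] pw = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pw.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pw, 0, input, salt.Length, pw.Length);
        return SHA256.HashData(input);
    }

    // Encrypt the record text with AES-256-GCM. File layout: nonce || tag || ciphertext.
    public static void SaveEncrypted(string path, string contents, byte[] key)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(contents);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // never reuse a nonce with the same key
        byte[] tag = new byte[TagSize];
        byte[] ciphertext = new byte[plaintext.Length];
        using (var aes = new AesGcm(key, TagSize))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        using (FileStream fs = File.Create(path))
        {
            fs.Write(nonce);
            fs.Write(tag);
            fs.Write(ciphertext);
        }
    }

    // Decrypt in memory. Returns null when the file is truncated, modified, or the key is wrong:
    // the GCM tag check fails and AesGcm throws a CryptographicException.
    public static string? LoadEncrypted(string path, byte[] key)
    {
        byte[] blob = File.ReadAllBytes(path);
        if (blob.Length < NonceSize + TagSize) return null;
        ReadOnlySpan<byte> nonce = blob.AsSpan(0, NonceSize);
        ReadOnlySpan<byte> tag = blob.AsSpan(NonceSize, TagSize);
        ReadOnlySpan<byte> ciphertext = blob.AsSpan(NonceSize + TagSize);
        byte[] plaintext = new byte[ciphertext.Length];
        try
        {
            using var aes = new AesGcm(key, TagSize);
            aes.Decrypt(nonce, ciphertext, tag, plaintext);
        }
        catch (CryptographicException)
        {
            return null; // tampered file or wrong key
        }
        return Encoding.UTF8.GetString(plaintext);
    }

    public static void Main()
    {
        // Hypothetical key: in the answer's design this would be fetched from a remote server.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        string path = Path.Combine(Path.GetTempPath(), "passwords.bin");

        SaveEncrypted(path, "alice:" + HashPassword("correct horse"), key);
        string? loaded = LoadEncrypted(path, key);
        Console.WriteLine(loaded != null && VerifyPassword("correct horse", loaded.Split(':', 2)[1]));

        // Simulate an administrator editing one byte of the ciphertext: the load must now fail.
        byte[] blob = File.ReadAllBytes(path);
        blob[^1] ^= 0x01;
        File.WriteAllBytes(path, blob);
        Console.WriteLine(LoadEncrypted(path, key) == null);
    }
}
```

The record line is stored as "username:salt:hash", so the verification in Main splits off the username before handing the "salt:hash" part to VerifyPassword. SHA-256 with a salt is what the answer proposes; a slow, purpose-built password hash (PBKDF2 via Rfc2898DeriveBytes, or bcrypt/Argon2) resists offline guessing far better and can be dropped into SaltedSha256 without changing the file format.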