Storing Passwords for a Desktop Application

Monday, 2 March 2009 14:35 by RanjanBanerji

This post is more about seeking solutions than providing any. I am building a simple application at home and decided to encrypt some of the data the application saves. That decision has led me to many questions about how to recover the data if the user forgets the password, and so far I am not too satisfied with the answers. There are many possible solutions and perhaps they all work, but somehow none of them satisfies me. I should add that I am looking for solutions restricted to a single computer: no Internet access, no network, no LDAP and so on, so no handshakes with public and private keys against some server.

In order to encrypt any data I need a key. The key can be obtained in one of two ways:

  1. The user provides a password from which I derive the key.
  2. The user provides a password which I use to encrypt (wrap) a separately generated key, and only the encrypted copy of that key is stored.

Let's say I use option 1. The user provides a password and the key is derived from it; in the crudest form the password itself is the key, though it should really go through a salted, deliberately slow key-derivation function so that it cannot be guessed quickly. Now what if the user forgets the password? How do I help retrieve it? The application could store the password in a secondary location, but then anyone can retrieve it from there, and if the hard drive crashes even the application cannot. I suppose I could tell the user to save the password somewhere else, but that just seems blah. Option 1 has a second cost as well: because the key comes directly from the password, changing the password means decrypting and re-encrypting every piece of saved data.

If I use option 2 then:

  1. I can use a key from a given set of keys, so that the password can be changed at any time: only the encrypted copy of the key is decrypted and re-encrypted under the new password, not the data itself.
  2. Alternatively, a key can be generated using some logic that can be repeated to reproduce the same key.

There are flaws with these two approaches too:

In option 1, if I have a fixed set of keys from which one is assigned at installation time, how do I secure those keys? After all, anyone who obtains them can get to the data. I could encrypt them and put them in a configuration file, or encrypt them in my installer and decrypt one for use. But if I encrypt them, where do I keep the key that encrypts and decrypts this collection of keys? Anything embedded in the program or the installer is only hidden, not secret: whoever has a copy of the binary can extract it. We seem to have circled back to the original problem.

In option 2, any logic that generates a key can be run by an attacker just as easily as by the application, so unless that logic takes a secret input only the user has, I don't really see much security here.

Unless I am missing something, the only secure option is for the user to remember their password. If they don't, they lose their data. Or are there other options?
