I have a program, where the password to a database is set by a remote user. The program saves the username and password to an encrypted string in an xml file that otherwise should be human readable. Now, this works fine, I use the C# DES encryption with a key, and it get encrypted and decrypted. Now, the problem is that anyone can use reflector to see the key. Even with obfuscation, the key should be readily apparent. So, how does one deal with this? Now, I don't need this to be NSA secure, but I really would like to prevent anyone from peeking. Thanks.
我有一个程序,其中数据库的密码由远程用户设置。程序将用户名和密码保存到xml文件中的加密字符串中,否则应该是人类可读的。现在,这很好用,我使用C#DES加密密钥,并加密和解密。现在,问题是任何人都可以使用反射器来查看密钥。即使有混淆,关键也应该很明显。那么,如何解决这个问题呢?现在,我不需要这个NSA安全,但我真的想防止任何人偷看。谢谢。
EDIT: Thanks for all of the advice so far, information on this sort of thing is not very widespread, and I really appreciate general tips as well as specific answers.
编辑:感谢您到目前为止的所有建议,有关此类事情的信息并不十分普遍,我非常感谢一般提示以及具体答案。
6 个解决方案
#1
Try using DPAPI (System.Security.ProtectedData class). This protects your encrypted data using the user or machine credentials. So only the user account that's accessing the data (user credentials) or a user that can log in to the machine (machine credentials) will be able to decrypt your data.
尝试使用DPAPI(System.Security.ProtectedData类)。这可以使用用户或计算机凭据保护您的加密数据。因此,只有访问数据的用户帐户(用户凭据)或可以登录计算机的用户(计算机凭据)才能解密您的数据。
#2
This is not really a problem about relector or not. It is about key management. DES and any other encryption scheme relies on keys being changed on a regular basis. Hard coding the key in code obviously violates this. To get around this, you should look into key management.
对于兼职或不是这个问题,这不是一个真正的问题。这是关键的管理。 DES和任何其他加密方案依赖于定期更改密钥。在代码中对密钥进行硬编码显然违反了这一点。要解决这个问题,您应该考虑密钥管理。
EDIT: To elaborate a bit: Depending on you setup, you could store the hashed passwords in the file system and rely on file system/user security or in a database an rely on the database rights.
编辑:详细说明:根据您的设置,您可以将散列密码存储在文件系统中并依赖文件系统/用户安全性,或者依赖于数据库中的数据库权限。
#3
You shouldn't encrypt your password using a secret embedded in your application, that is the root of your troubles. No matter how strong your encryption is, the key is clearly exposed in your code.
您不应该使用应用程序中嵌入的秘密加密您的密码,这是您麻烦的根源。无论您的加密有多强,密钥都会在您的代码中清晰显示。
You should ask your user for the credentials, store the db user/name and password in an ordinary configuration section in your app.config and rely on the DPAPI backed DpapiProtectedConfigurationProvider class to encrypt and decrypt the section for you, using either the machine keys or a user specific key. See the link I provided for a full example how to do this.
您应该询问您的用户凭据,将db用户/名称和密码存储在app.config的普通配置部分中,并依赖DPAPI支持的DpapiProtectedConfigurationProvider类来为您加密和解密该部分,使用机器密钥或用户特定的密钥。请参阅我提供的链接以获取完整示例如何执行此操作。
#4
Unfortunately, there's never a 100% secure way of doing this. You can obfuscate the code, use unmanaged code for secret areas, but since your application is able to read the password again, so can any attacker who puts enough effort into it.
不幸的是,从来没有100%安全的方法来做到这一点。您可以对代码进行模糊处理,对秘密区域使用非托管代码,但由于您的应用程序能够再次读取密码,因此任何攻击者都可以投入足够的精力。
#5
You shouldn't be storing the password encrypted at all. You should be storing it hashed instead, with a one way hash function. See:
您不应该存储加密的密码。您应该使用单向散列函数来存储散列。看到:
#6
We had a similar situation. We ended up putting the key in a file and having the user enter some sort of password (or key using hashing) to be able to read the file. It was the pain of making the user enter more information, but it removes the key from the program.
我们有类似的情况。我们最终将密钥放在一个文件中,让用户输入某种密码(或使用散列密钥)以便能够读取文件。让用户输入更多信息是一种痛苦,但它会从程序中删除密钥。
#1
Try using DPAPI (System.Security.ProtectedData class). This protects your encrypted data using the user or machine credentials. So only the user account that's accessing the data (user credentials) or a user that can log in to the machine (machine credentials) will be able to decrypt your data.
尝试使用DPAPI(System.Security.ProtectedData类)。这可以使用用户或计算机凭据保护您的加密数据。因此,只有访问数据的用户帐户(用户凭据)或可以登录计算机的用户(计算机凭据)才能解密您的数据。
#2
This is not really a problem about relector or not. It is about key management. DES and any other encryption scheme relies on keys being changed on a regular basis. Hard coding the key in code obviously violates this. To get around this, you should look into key management.
对于兼职或不是这个问题,这不是一个真正的问题。这是关键的管理。 DES和任何其他加密方案依赖于定期更改密钥。在代码中对密钥进行硬编码显然违反了这一点。要解决这个问题,您应该考虑密钥管理。
EDIT: To elaborate a bit: Depending on you setup, you could store the hashed passwords in the file system and rely on file system/user security or in a database an rely on the database rights.
编辑:详细说明:根据您的设置,您可以将散列密码存储在文件系统中并依赖文件系统/用户安全性,或者依赖于数据库中的数据库权限。
#3
You shouldn't encrypt your password using a secret embedded in your application, that is the root of your troubles. No matter how strong your encryption is, the key is clearly exposed in your code.
您不应该使用应用程序中嵌入的秘密加密您的密码,这是您麻烦的根源。无论您的加密有多强,密钥都会在您的代码中清晰显示。
You should ask your user for the credentials, store the db user/name and password in an ordinary configuration section in your app.config and rely on the DPAPI backed DpapiProtectedConfigurationProvider class to encrypt and decrypt the section for you, using either the machine keys or a user specific key. See the link I provided for a full example how to do this.
您应该询问您的用户凭据,将db用户/名称和密码存储在app.config的普通配置部分中,并依赖DPAPI支持的DpapiProtectedConfigurationProvider类来为您加密和解密该部分,使用机器密钥或用户特定的密钥。请参阅我提供的链接以获取完整示例如何执行此操作。
#4
Unfortunately, there's never a 100% secure way of doing this. You can obfuscate the code, use unmanaged code for secret areas, but since your application is able to read the password again, so can any attacker who puts enough effort into it.
不幸的是,从来没有100%安全的方法来做到这一点。您可以对代码进行模糊处理,对秘密区域使用非托管代码,但由于您的应用程序能够再次读取密码,因此任何攻击者都可以投入足够的精力。
#5
You shouldn't be storing the password encrypted at all. You should be storing it hashed instead, with a one way hash function. See:
您不应该存储加密的密码。您应该使用单向散列函数来存储散列。看到:
#6
We had a similar situation. We ended up putting the key in a file and having the user enter some sort of password (or key using hashing) to be able to read the file. It was the pain of making the user enter more information, but it removes the key from the program.
我们有类似的情况。我们最终将密钥放在一个文件中,让用户输入某种密码(或使用散列密钥)以便能够读取文件。让用户输入更多信息是一种痛苦,但它会从程序中删除密钥。