My approach to this is trying to hide the password using steganographyc techniques over disguised files. e.g. store the password in a .dll file in System32 folder (where many of windows and third party dlls are stored) using a steganographyc method. Since DLL files are several KB long files, you have to fill your file with dump data, besides this allows you to store your "treated" password at an arbitrary intermediate position in the file (not the begining nor the end). Of course this is not infallible but a harder to discover method. cheers :) Juan C Calderon Application Security Auditor -----Original Message----- From: pablo gietz [mailto:pablo.gietzat_private] Sent: Tuesday, July 29, 2003 1:14 PM To: secprog Subject: Password Hiding Hi all This is my first post, What can I do to hide a password that is used to encrypt-decrypt a config.file? . Where to save the password?. The program must run without user intervention and use this password to access that file. Language: Delphi Platform: windows Thanks -- Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351 La información y archivos contenidos en este mensaje son confidenciales y para utilización exclusiva de los destinatarios consignados. Si Usted no reviste ese carácter, no se encuentra autorizado para divulgar, copiar,distribuir o retener todo o parte de la informacion y archivos, y deberá notificarlo de inmediato al remitente y eliminarlo de su sistema. Muchas gracias.
This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 13:37:12 PDT