Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Managing deployed passwords

Posted on 2005-03-07
1
Medium Priority
?
245 Views
Last Modified: 2013-12-03
Our application is built on top of a database.  So when it gets installed on a customer's machine, our application is the "DBA"--the only entity with full admin priviledges.  In the past I've stored DBA passwords within the application executable.  But I can easily find them by doing a search on these strings in a hex editor.  Of course, I can find it quickly because I know what I'm looking for.  Still, a dedicated person could find it with some effort.  

Another method I've used is to--rather than store it as a string--build it byte by byte using a function.  Could this solution still be easily cracked or is it fairly secure?

How can I effectively protect a password that needs to be deployed with an application?  If the answer is secret-key encryption, how would I protect the secret key?  And so on...

thanks
0
Comment
Question by:kevinbenedict
1 Comment
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1200 total points
ID: 13478001
That can be a tough road to hoe... one-way hash's such as the way M$ stores the user passwords in the SAM database can be cracked very quickly nowadays, by using programs like RainBow Crack, all possible combinations can be written to a file, then searched for, and the pass is effectivly recovered in minutes.

If you can "pack" the executeable with a packer, then the pass would likely not be visible in a hex editor in the same fashion it is now. you can unpack the exe an then look for it to be sure. packers like UPX http://upx.sourceforge.net/ or even compressors like PEcompact http://www.collakesoftware.com/ there are encoders (not encrypters) that can help also...
http://www.woodmann.com/crackz/Packers.htm (good tutourials on cracking, what to do and not to do) http://woodmann.com/crackz/
http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/

I'm no programmer, or program hacker, but I've read a few books on the subject. This may be a better question on the DB or Programming foums of EE.
There seem to be no end to the packer,compressor,encrypter and encoding programs out there... http://www.ewoss.com/search.aspx?k=encryption+software&s=1
using google you can find many links to this software.
-rich
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question