I'm writing an NT service (2k/XP) that needs to log on to some remote web services and thus needs access to some passwords that will be entered with an external GUI by the users of the computer where the service runs. I need to store these passwords in the registry, but don't want them to be readable in plaintext for every user on that computer, although every user should be able to set new passwords or overwrite existing ones. I'm looking for a secure solution that is not just based on obscurity (i.e. not ROT13 or similar), as the source code for my service will be available to those who might want to spy out other users' passwords. I think I cannot rely on user-based registry access rights, as my service must be able to run without any user logged on to the computer where the service runs. I'd prefer something based on one-way hashes (MD5/SHA-1), but the service itself needs the plaintext of the passwords to perform the necessary authentication.
Do you have any idea how to achieve this? And how do other programs like email clients or browsers protect their remembered passwords?
Thank you for your help.