Is it possible to store passwords on the local system (Windows XP) that can only be accessed by the application itself?

My instinctive answer would be "no". Even if some kind of hashing or encryption is used I would think that as long as the source code is available then the determined seeker could always use this to retrieve the password.

I'm working on a personal open source hobby project in which I would like to give users the option of storing passwords on disk so that they don't need to type them every time they use the software. One example of a password that could be stored would be the one used to authenticate on their network's proxy server.

There are a few related questions here on Stack Overflow and the most appropriate solution sounds like using an operating system service like DPAPI.

Is the basic premise correct that as long as the password is retrievable by the software without any user input, and the source code is open source, that the password will always be retrievable by a (suitably technically and willfully inclined) passer-by?

+4  A: 

You could read about the Pidgin developers' take on it here: http://developer.pidgin.im/wiki/PlainTextPasswords.

Ben Alpert
Great link, thanks.
Wayne Koorts
+2  A: 

If the password is retrievable by the software without any user input, then the password will always be retrievable by a (suitably technically and willfully inclined) passer-by. Open or closed source only affects how much effort is involved.

Jeffrey Hantin
+1  A: 

Using the DPAPI in UserData mode will only allow your account on your machine to access the encrypted data.

It generates a master key based off of your login credentials and uses that for the encryption.

Kevin
A: 

Absolutely, you can write a program to store passwords securely.

Using AES, you could have your program generate an AES Key, and have that key stored in an operating system protected area. In WinXP, this is the registry, encrypted with DPAPI. Thus the only way to access the key is to have physical access to the machine.

You need to ensure that when you generate your AES key that you do so in a cryptographically secure manner. Just using RAND won't work, nor will generating a random character string.

Open Source has very little to do with security (in my opinion). Given the level of sophistication in tools for reverse engineering source code, even if you had a closed source solution, people determined to snoop at your code could do so.

Your effort is better spent ensuring that you follow best practice guidelines while using the chosen encryption scheme. I would argue that having your code openly looked at by a larger community would actually make your code more secure; vulnerabilities and threats would likely be identified sooner with a larger audience looking through your code.

Alan
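An added example, not code from the thread or any answerer, showing the DPAPI approach described in Kevin's and Alan's answers in C#: the stored secret (a password, or the AES key from Alan's scheme) is protected with `DataProtectionScope.CurrentUser`, so only the same Windows account on the same machine can decrypt the file. The class name, file path and entropy string are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical store for a proxy password; wraps DPAPI via System.Security.ProtectedData.
// CurrentUser scope derives the key from the logged-on user's credentials (Kevin's answer),
// which is exactly the limit Jeffrey describes: any code running as that user can decrypt it.
public static class ProxyPasswordStore
{
    // Entropy is NOT a secret (it ships in the open-source binary); it only keeps other
    // DPAPI-using programs from decrypting this blob by accident. Assumed value.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-proxy-v1");

    // Alan's point: generate the AES key with a CSPRNG, never System.Random or C's rand().
    public static byte[] NewAesKey()
    {
        using (var aes = Aes.Create())
        {
            aes.KeySize = 256;
            aes.GenerateKey();
            return aes.Key;
        }
    }

    public static void Save(string path, byte[] secret)
    {
        byte[] blob = ProtectedData.Protect(secret, Entropy, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, blob);   // blob on disk is useless to other accounts
    }

    public static byte[] Load(string path)
    {
        byte[] blob = File.ReadAllBytes(path);
        // Throws CryptographicException when another user or machine tries to decrypt it.
        return ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
    }

    public static void Main()
    {
        string path = Path.Combine(Environment.GetFolderPath(
            Environment.SpecialFolder.ApplicationData), "example-app", "proxy.key");
        Directory.CreateDirectory(Path.GetDirectoryName(path));

        byte[] key = NewAesKey();
        Save(path, key);
        byte[] back = Load(path);
        Array.Clear(key, 0, key.Length);   // drop plaintext copies once no longer needed
        Array.Clear(back, 0, back.Length);
    }
}
```

Round-tripping the file under a second account, or after copying it to another machine, fails with a CryptographicException, which is the behaviour Kevin's answer relies on.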