I'm creating a C# application that will lock out functionality (key combinations, the Windows taskbar, etc.) in a kiosk-style environment. One of the requirements is that some people should still be able to break out of the application using a key combination and a password.
The application itself is completely done, but I have not found a good way to store and check against a password. Everything should be stored locally (there is no check against a network database or whatever). How can I define a password for unlocking my application while also making this flexible (the ability to change the password without recompiling the application)? How can I accomplish this in a secure way?
Store a secure hash of the password; it doesn't need to be reversible.
When someone enters a password, you hash that by the same algorithm and check that it matches the stored hash.
Because you never store the actual password, it's secure.
I recommend using a key stretching algorithm like PBKDF2. .NET has support for this using Rfc2898DeriveBytes, or you can use System.Web.Helpers.Crypto.