Generally, you do not want a cleartext password. The password in the file
should be encrypted using something like PKI.
In a sane world, there would never be a plaintext key; winlogon would
accept an encrypted key and a designation of what algorithm to use to
decrypt it. In an even saner world, this would be handled by the secure
core, but here it is, 2013, and this is still going to happen Real Soon
Now (I was working in related areas of security in 2002, and it was going
to be Real Soon Now).
But first and foremost: NEVER store a cleartext password in a file! One
way to handle this is called “key exchange” where, in the process of
downloading the local copy of the biometric data, the client and domain
server exchange public keys which are used to uniquely encrypt the
passwords for that transfer. You can store the encrypted password and the
public key used to encrypt it in the file. Now, if you can properly
protect the private keys, you have good security. Storing the password as
plaintext is simply Not Acceptable. I suggest that you hire a serious
security consultant to help you on this problem (and no, I’m a security
dilettante, and unqualified for this, so I’m not violating NG protocol by
soliciting business). If you store the passwords in plaintext in the
file, or the biometric data unencrypted, you should simply publish all
this on cracker boards. You will save them a lot of trouble, and
internally everyone will understand that security has been compromised.
Otherwise, they may believe that their biometric data and passwords are
secure.
One thing I learned working with people who got their PhDs in security was
that the biggest threat to security is programmers who either don’t use
it, or use it improperly. This is a seriously deep question; you MUST get
a security-correct solution, and that translates as either you take a
graduate level security course or hire someone who has.
The designs I worked on were done by competent security experts. I was
impressed by the complexity required to guarantee secure data.
Forget trying to make the file inaccessible. For every way you invent,
there is a corresponding technique that guarantees that an expert cracker
will get it. Make the contents of the file inaccessible by high-order
encryption. That way, even if it is read by some cracker, the information
is still secure. Assume it will be read.
joe
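As an added illustration of the key-exchange scheme joe describes (this is example code, not code from the thread or from any of its participants): the domain server and the client each hold an X25519 key pair; the server encrypts the credential under the key agreed from its own private key and the client's public key, and the client stores only the ciphertext together with the server's public key. Recovering the password at offline logon then requires the client's private key, which is exactly the piece that has to be protected (by DPAPI or a TPM in practice; the example simply keeps it in memory). The record layout, the names `SealCredential`/`OpenCredential`, and the sample credential are assumptions made for this example; SHA-256 over the shared secret stands in for a real KDF so the code stays standard-library only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
)

// Credential is what the offline cache must protect: the domain password that
// is later serialized to winlogon, plus the biometric reference data.
type Credential struct {
	Password  string `json:"password"`
	Biometric []byte `json:"biometric"`
}

// CachedRecord is the on-disk form: ciphertext, the server public key used for
// this transfer, and the AEAD nonce. No plaintext password, no raw template.
// (Assumed layout for this example, not the poster's file format.)
type CachedRecord struct {
	ServerPub  []byte `json:"server_pub"`
	Nonce      []byte `json:"nonce"`
	Ciphertext []byte `json:"ciphertext"`
}

// transferKey derives the per-transfer AES-256-GCM key from an X25519
// agreement. Both sides get the same key from their own private key and the
// peer's public key. SHA-256 stands in for a real KDF (HKDF) to stay stdlib-only.
func transferKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential is the server side: the server's ephemeral private key and the
// client's public key encrypt the credential so only the holder of the client's
// private key can recover it. The server public key is bound as associated
// data, so a key swapped in the file fails authentication instead of silently
// decrypting to garbage.
func SealCredential(serverPriv *ecdh.PrivateKey, clientPub *ecdh.PublicKey, cred Credential) (*CachedRecord, error) {
	gcm, err := transferKey(serverPriv, clientPub)
	if err != nil {
		return nil, err
	}
	plain, err := json.Marshal(cred)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	serverPub := serverPriv.PublicKey().Bytes()
	return &CachedRecord{ServerPub: serverPub, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, plain, serverPub)}, nil
}

// OpenCredential is the client side at offline logon: the client's protected
// private key plus the stored server public key reproduce the transfer key.
// A copy of the file without that private key yields an error, not data.
func OpenCredential(clientPriv *ecdh.PrivateKey, rec *CachedRecord) (*Credential, error) {
	serverPub, err := ecdh.X25519().NewPublicKey(rec.ServerPub)
	if err != nil {
		return nil, err
	}
	gcm, err := transferKey(clientPriv, serverPub)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, rec.ServerPub)
	if err != nil {
		return nil, fmt.Errorf("cache record rejected: %w", err)
	}
	var cred Credential
	if err := json.Unmarshal(plain, &cred); err != nil {
		return nil, err
	}
	return &cred, nil
}

func main() {
	curve := ecdh.X25519()
	clientPriv, _ := curve.GenerateKey(rand.Reader) // long-lived; must live under DPAPI/TPM protection
	serverPriv, _ := curve.GenerateKey(rand.Reader) // ephemeral; discarded after the transfer
	cred := Credential{Password: "example-password", Biometric: []byte{1, 2, 3}} // constructed sample
	rec, err := SealCredential(serverPriv, clientPriv.PublicKey(), cred)
	if err != nil {
		panic(err)
	}
	got, err := OpenCredential(clientPriv, rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("owner recovers password:", got.Password == cred.Password)
	other, _ := curve.GenerateKey(rand.Reader) // holds a copy of the file, not the client's private key
	_, err = OpenCredential(other, rec)
	fmt.Println("copy without private key:", err)
}
```

The point joe makes about "assume it will be read" is what the associated data and the AEAD tag buy here: whoever copies the record gets ciphertext that neither decrypts nor can be quietly re-keyed, and the whole scheme reduces to guarding one private key on the client rather than hiding a file.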
Hi, first of all I am not sure if this is a proper question for this list,
but I really need an answer from professionals.
I develop a biometric single sign-on program. My credential provider DLL
downloads the biometric data and the domain user's password from a web service
over SSL. Then I perform biometric verification; if the user has been
verified, I serialize the password and send it to winlogon.
The problem is, if I cannot connect to the domain controller, I must still
perform biometric verification; as expected, this requires the user
password and biometric data to be stored on the local disk, which is very
insecure.
I can prevent copying this file when the user is logged in, but if someone
tries to copy this file from another user account or even from an offline disk, I give
him the user's biometric data and clear password.
Of course I don't want to store a clear password, but I cannot figure out how
to log in the user otherwise. I suppose winlogon doesn't allow that.
Any suggestions are welcome, not only about login, but also about hiding this
file from another user or from offline disk examination.
Thanks in advance.
NTDEV is sponsored by OSR