RE: Password Hiding

My approach to this is trying to hide the password using steganographyc techniques over disguised files.

e.g. store the password in a .dll file in System32 folder (where many of windows and third party dlls are stored) using a steganographyc method.

Since DLL files are several KB long files, you have to fill your file with dump data, besides this allows you to store your "treated" password at an arbitrary intermediate position in the file (not the begining nor the end).

Of course this is not infallible but a harder to discover method.

cheers :)

Juan C Calderon
Application Security Auditor

-----Original Message-----
From: pablo gietz [mailto:pablo.gietz@nuevobersa.com.ar] Sent: Tuesday, July 29, 2003 1:14 PM
To: secprog
Subject: Password Hiding

Hi all
This is my first post,
What can I do to hide a password that is used to encrypt-decrypt a config.file? .
Where to save the password?. The program must run without user intervention and use this password to access that file.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Language: Delphi

Platform: windows

Thanks

--
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351


La información y archivos contenidos en este mensaje son confidenciales
y para utilización exclusiva de los destinatarios consignados. Si Usted
no reviste ese carácter, no se encuentra autorizado para divulgar,
copiar,distribuir o retener todo o parte de la informacion y archivos, y
deberá notificarlo de inmediato al remitente y eliminarlo de su sistema.
Muchas gracias.