Password Storage In C++

Hmm, not long ago I posted a question asking how to store passwords in a super safe manner with limited resources.

Well, I’ve had no luck with getting any answers. So, how would I go about storing passwords in a super secure way on a normal desktop computer with virtually unlimited resources when it comes to this?

If you were to divide up all the things that make safe password storage safe, what would those different things be?

NOTE:

I don’t care about existing software because I have to write it myself so don’t post anything related to that.

I’d just use RSA to encrypt the data.

I had a python proof of concept a while back. Let me see if I can find it.


Can’t find the project. :frowning:

Now, as far as the encryption goes, if you’re using Python, my recommendation is to use the cryptography module.

2 Likes

Pen and paper. I may be paranoid, but after all the breaches on password keepers I can’t trust one. I haven’t needed one that badly; I just use my memory and a small safe with them written down for important things.

1 Like

Yeah no, I’m using C++. I don’t think there is anything built-in. Btw how with the master password for the RSA or AES. Just FYI, I’m making a sort of password manager component. Like hash with some algorithm and then salt. But what else?

I’m sort of writing software so I don’t think there is a penandpaper.h file I can include.

If you want it to be secure, you’ll have to enter a passphrase at some point. Unless you implement Gnome keychain or something.

Yeah duh, but how should I store the passphrase?
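On the question of how to store the passphrase, a common approach is not to store it at all: keep only a random salt and a verifier derived through a slow key-derivation function, and re-derive the vault key at each unlock. The sketch below is an added example, not code from anyone in the thread; it uses PBKDF2-HMAC-SHA256 from Python's standard library (C++ crypto libraries offer the same primitive), and the function names, labels and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor, tune to the target machine
SALT_LEN = 16         # bytes of random salt, unique per vault


def _stretch(passphrase, salt, iterations):
    """Slow, salted derivation of a 32-byte master secret."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)


def _subkey(master, label):
    """Domain-separated subkey, so the stored verifier never equals the vault key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def enroll(passphrase, iterations=ITERATIONS):
    """Build the record written to disk. It contains no passphrase and no key."""
    salt = os.urandom(SALT_LEN)
    master = _stretch(passphrase, salt, iterations)
    return {
        "salt": salt.hex(),
        "iterations": iterations,
        "verifier": _subkey(master, b"verifier").hex(),
    }


def unlock(passphrase, record):
    """Return the 32-byte vault key if the passphrase matches, else None."""
    salt = bytes.fromhex(record["salt"])
    master = _stretch(passphrase, salt, record["iterations"])
    expected = bytes.fromhex(record["verifier"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_subkey(master, b"verifier"), expected):
        return None
    return _subkey(master, b"vault-key")


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample passphrase
    print(rec)
    print(unlock("wrong guess", rec))
    print(unlock("correct horse battery staple", rec).hex())
```

The returned key is what would feed the cipher protecting the stored entries; it lives only in memory while the vault is unlocked.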

Gnome keyring?

https://wiki.gnome.org/Projects/GnomeKeyring/

I don’t have any instruction. I am curious, however, as we progress towards persistent memory architectures. It is good to be working on the armoring systems. Fill us in on what you have discovered that is unsatisfactory thus far …

It has to be crossplat. Gnome keychain is only for Linux right?

Yeah. I don’t have a solution then. Sorry!

Np, thanks for replying and trying anyways!

1 Like

Hmm? You want to know what I’ve done so far?

Just an overview - the Reader’s Digest condensed version

Making a secure password manager is fun.

Made one that’s cryptographically secure against quantum attacks. The only issue was the stored passwords were over 32 MB in size thanks to the type of encryption. Not exactly cost effective for scaling. Or data conservation on mobile phones.

1 Like

This is my weak link too. I just use chrome’s manager under my 2fa google account.

A few days ago I saw a review on https://www.themooltipass.com/ but still, if the tech dies, getting another might be a pain. It seems to use GitHub for the data.

I have NFI what is best. I have made every site I use an individual password that is 32 random letters, numbers and symbols. JavaScript off by default, and I only whitelist sites I need JS to work on. Adblock Plus and Privacy Badger extensions.

I started something along those lines with the Knights of Python series… But never finished the tutorial…

@Full_Nitrous You can use RSA-4098 and SHA256 to hash and salt the passwords… Actually that should be mandatory nowadays.

Personally, I’d use an established password manager for things that aren’t extremely sensitive (forum logins come to mind) or that have good 2FA. I think the general consensus is still that the risk associated with password managers is still much less than using whatever finite number of passwords that you can keep in your head.

Anything that’s really sensitive, then yeah, RSA and SHA it to death and keep it the hell out of the cloud.

1 Like

I’m getting bad. I’ve started forgetting my master passwords. :frowning:

1 Like

What did you use? I’ve read a little about ring-LWE but haven’t gotten around to a good deep dive on all the options.