I have an application written in C#. using Net 4.0 where the user will be storing their e-mail password using System.Security.Cryptography to the user configuration file.
The Actual password is stored in a SecureString, and encrypted using System.Security.Cryptography.ProtectedData.Unprotect(encrypted data, entropy, currentuser)
the password is only converted to a normal string when sending it (soon to be over an https session)
What I’m wondering is given the Entropy value need to stay the same or else you can’t decrypt the password correctly, what’s the best way to keep prying eyes from finding the entropy value, but insure that the entropy value will be constant?
I assume you meen it is protected with protect and read with unprotect.
You don’t need to protect the entropy, its not the key. DPAPI on windows uses the user’s login credentials to generate the key. Effectively, entropy in this case is just like a salt value for a password hash (in fact its probably literally the salt being feed to PBKDF2)
Now, there is a problem with DPAPI: everyone can read the data once you are logged in. E.g. I can write a program that, if it can read your configuration file ( and it probably can) I can make the same call you can and since your logged in, the value decrypts. As a slight mitigation to this, you might want to hard code part of the entropy value in your program and read the other half from the config file> This doesn’t do too much since a motivated attacker could read your binary, but it does do something.