Home/ Questions/Q 6124593
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T16:09:02+00:00

I’m writing a program that, using Rijndael, will encrypt and decrypt files/folders using a

  • 0

I’m writing a program that, using Rijndael, will encrypt and decrypt files/folders using a user chosen password. Currently, when the user wants to encrypt something, they have to enter a password, that password is used to encrypt and when the user is ready to, decrypt the file/folder.

However, I would like to have a “master password” that will allow the user to only enter the password once in a “preferences” portion of the program, and then the program will automatically use that password for all encryption/decryption. This way they don’t have to put in a password every time they want to encrypt/decrypt.

Now, since programs like this are prone to many different kinds of attacks, how do I safely store the user’s “master password” so someone couldn’t get a hold of it? Storing it in the program in plain text is obviously not a good idea, so I could encrypt/decrypt the password with another password, chosen by me, and stored in the program.

However, again, if someone gets access to the password chosen by me to encrypt/decrypt the master password, then they could decrypt the master password and again, that wouldn’t be good.

SO! How do programs safely do this?

Currently I’m saving the “master password” by encrypting it using my own, chosen password, and storing it in a User-scoped setting. If you think this isn’t a good idea, please tell me why and what would you change about the process I currently have implemented?

Thank you!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Do you know why websites won’t tell you your password when you lost it and they ask for a new one?
    Because they don’t know it. Yes, they don’t know it. They hash it and hash it good so they can only check your input password’s hash against the one in the database.

    Why all that?
    Because they cannot store it safely.
    They cannot encrypt it safely.

    This is a similar case.
    The best way is not to use a master password.

    When you encrypt a file, ask for a password and encrypt with the hash of the password.
    When decrypting, do ask for a password and attempt to decrypt.
    If it fails then it’s wrong.
    If it’s okay then it’s the right one.

    You can add some (shorter) dummy data before the file’s contents that you can use to check the key.

    If you try to use that to store the master password, you will enter an infinite loop of security, which is not a good idea.
    You’ll encrypt the password, and then encrypt the key used and then encrypt the key used to encrypt the first key etc.

    Edit: I am sorry about the discouraging nature of this answer but what you need to do is truly impossible.

    • 0