Avoid Clear Text Password in Source File

I have an application that has default passwords stored in a variable as clear text in the source file, I read that isn't safe at all.

So I want to know what can I do to protect this password in my cpp application. My current solution is to store those passwords in a file in encrypted format and I retrieve them by using a decryption key. but the problem is that the decryption will still be hardcoded in the file.
I believe I need to store the decryption key in a file and then secure that file but I am not sure how to that.
Password for what?

Or more specifically, why is it the program's password and not the user's password?

The other problem is who is your adversary?
- technically illiterate user
- curious kid
- lone computer professional
- small IT department
- large IT department
- multinational corporation
- state sponsored "Three Letter Agency"
Password for what?

Password for databases, servers etc

The other problem is who is your adversary?

I am assuming a large IT department, the goal is to make the job really hard a determined adversary.
Given the specified adversary you are writing this password encrypt/decrypt against you might consider using an existing 3rd party library that is "battle-tested".

https://stackoverflow.com/questions/180870/what-is-the-best-encryption-library-in-c-c

The SO question and answers are admittedly years out of date, the suggested libraries are still available. OpenSSL, libtomcrypt, Botan.
If'n you have not already poked your nose in the camel's tent over here: https://cplusplus.com/forum/lounge/284453/ you should.
> Password for databases, servers etc
Why are these not under the control of the respective DB and server admins?
Why do the passwords need to be buried in the code?
I already have the encryption/decryption functions, what I need is a way secure way to store the decryption key that's not in clear text in the source file

Why are these not under the control of the respective DB and server admins?

I am not sure why.
Never put any credentials (e.g. passwords) in the source code!

Besides other reasons, if you put a hard-coded "password" into the source code, then it will unavoidable end up in the compiled binary (EXE file) that you'll deploy to the end user! So, effectively, the password is leaked to everybody to whom you deploy the application! Encryption does not help in this case at all, because if the application is supposed to actually use the password, then it would necessarily have to decrypt it. So, then the "secret" encryption key would have to be hard-coded in the source code; thus you have not gained anything! Finally, what is the sense in using the same hard-coded password for all users of your application?

Trying to "hide" a hard-coded password in your program code is nothing but obfuscation. That is called security through obscurity and it is a good example of an anti-pattern, i.e. what you should not be doing!

Solution: Do not use hard-coded credentials (e.g. passwords). Use a different and randomly-generated (i.e. impossible to predict) password for each user. This password can be given to the individual user over some "secure" channel and can be read by the application, at runtime, from a file or environment variable.

________

There have been an uncountable number of security incidents, because people used hard-coded credentials (or forgot to disable "debug" accounts with fixed/default passwords) and still they haven't learned ???
Last edited on
Solution: Do not use hard-coded credentials (e.g. passwords). Use a different and randomly-generated (i.e. impossible to predict) password for each user. This password can be given to the individual user over some "secure" channel and can be read by the application, at runtime, from a file or environment variable.

How will the program compare the entered passwords to see if it correct?

I am not using hardcoded passwords anymore, I am taking them from a file in encrypted format.
What I want to know is where I can store the decryption key outside the key source code securely.
Last edited on
I am not using hardcoded passwords anymore, I am taking them from a file in encrypted format.
What I want to know is where I can store the decryption key outside the key source code securely.

After all, you can't!

If you always use the same (i.e. fixed) key to encrypt the password file, then effectively the encryption of the password file is totally pointless! Somehow the application would have to "know" that fixed encryption key in order to be able to decrypt the file, so the key would have to be hard-coded in the program code - which means that we are back to the original problem! Also, any kind of fixed key will leak to the public, sooner or later.

Storing the fixed encryption key "outside" the application doesn't help either!

Solution: Encrypt the file for each user with a different, user-specific key. The encryption key can be derived from a "passphrase" using PBKDF2 function. Then you only need to give each user its individual "passphrase" over some secure channel (e.g. phone or letter). The user enters its personal "passphrase" into the application, the application uses PBKDF2 to derive the unique key, and finally it decrypts the file with the derived key.

https://en.wikipedia.org/wiki/PBKDF2#Purpose_and_operation
Last edited on
Ok thank you for the answer, basing on your suggestions I will try to come up with a solution for my issue.
Topic archived. No new replies allowed.