Windows equivalent of OS X Keychain?

Is there an equivalent of the OS X Keychain, used to store user passwords, on Windows? I would use it to save the user's password for the web service that my (desktop) software uses.

From the answers to this related question (Protecting user passwords in desktop applications (Rev 2)) and the many third-party password storage tools, I assume that such a thing does not exist. Am I stuck with either asking for the password every time I access the web service, or just storing it obfuscated?

+53
security windows passwords
Jan 14 '09 at 13:26
5 answers

The "traditional" Windows equivalent would be the secure storage subsystem used by IE (pre IE 7), Outlook Express, and several other programs. I believe that it is encrypted with your login password, which prevents some offline attacks, but as soon as you are logged in, any program that wants to can read it. (See, for example, NirSoft's Protected Storage PassView.)

Windows also provides the CryptoAPI and Data Protection APIs, which can help. Again, I do not think that Windows does anything to protect processes running under the same account from each other.

It appears that the book Mechanics of User Identification and Authentication contains more detailed information about all of these.

Eclipse (via Secure Storage) does something similar, if you are interested in learning how other software does it.

+16
Jan 14 '09 at 13:47

Windows 8 has a keychain concept called Password Vault. Windows Runtime applications (Modern / Metro) as well as managed desktop applications can use it. According to the documentation:

Applications and services do not have access to credentials associated with other applications or services.

See How to save user credentials on MSDN.

Pre-Windows 8, the Data Protection API (DPAPI) is the closest equivalent to a keychain. Arbitrary data can be encrypted using this API, although storing the encrypted data is up to the developer. The data is ultimately encrypted using the current user's password; however, "additional entropy" supplied by the user or developer can be included to further protect the data from other software or users. Data can also be decrypted on different computers in the domain.

DPAPI can be accessed through native calls to the Crypt32.dll functions CryptProtectData and CryptUnprotectData, or through the .NET Framework's ProtectedData class, which is a limited wrapper for the former functions.

For more information than you ever needed to know about DPAPI, see Passcape's "DPAPI Secrets. Security analysis and data recovery in DPAPI".

+15
Mar 30 '15 at 8:22

In fact, looking at MSDN, the functions that they recommend using (instead of secure storage) are:

  • CryptProtectData
  • CryptUnprotectData

The link for CryptProtectData is at CryptProtectData function.

+14
Dec 05 2018-10-12T00:

This is 2018, and Windows 10 has the Credential Manager, which can be found in the Control Panel.

+7
Oct 16 '18 at 12:29

Take a look at Roboform (http://www.roboform.com/). I use it all the time. SourceForge.net also has a free program. Here is one from CNET (http://download.cnet.com/Password-Keychain/3000-2381_4-10072470.html). Just a few of (maybe) hundreds of programs out there. :-)

-10
Mar 25 '16 at 19:18


