How to create a protected file

16 vues (au cours des 30 derniers jours)
Adrián Lascurain
Adrián Lascurain le 28 Mai 2023
Commenté : Adrián Lascurain le 1 Juin 2023
I'm currently building a log in app in appdesigner and i need to manage users and passwords within the app, I already found a way to hash the passwords , I just want to know if is there some way to create a file where the hashes are stored in a secure form? like a read only file or a protected file that can not be modified.
I would appreciate your help and thanks in advance.

Connectez-vous pour répondre à cette question.

Réponse acceptée

Walter Roberson
Walter Roberson le 28 Mai 2023
Not really.
You can embed a SoC kind of computer within a tamper-resistant covering that would be likely to break with all of the common methods of removing the covering. You know the kind, ultra hard resin infused with metal flakes designed to scatter x-rays and ruin MRI. I really don't know the current technologies.
  2 commentaires
Walter Roberson
Walter Roberson le 28 Mai 2023
You can do something like use public key encryption of the hash file, and store the decryption key in the executable, hoping that the attackers are not able to figure out the encryption key for the file, so that if the attackers modify the (encrypted) file the program would find that the CRCs of the decrypted data do not match what is expected.
But... that process is only as secure as how hard it is to work out the encryption key, or to compromise the security of a system that has the encryption key stored.
You can store the file in Write Once Read Many (WORM) storage... but how can your program be sure that the WORM storage device has not been replaced with an in-memory copy that has been modified ? Unless, that is, you are working with hardware-encrypted storage and have some way of verifying that the hardware is working and that attackers are not injecting fake data onto the bus lines when they detect a request to read the file...
Remember that when it comes to would-be-secure systems, that sufficiently determined attackers will be willing to literally have a CPU lie to you. For example, attackers have the resources to hack Intel internal CPU serial numbers so even tying your code to specific CPUs is not enough.
Adrián Lascurain
Adrián Lascurain le 1 Juin 2023
Thanks a lot, it really help me with my problem

Connectez-vous pour commenter.

Plus de réponses (0)

Catégories

En savoir plus sur Third-Party Cluster Configuration dans Help Center et File Exchange

Tags

Produits


Version

R2022b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by