encrypting a file to a single windows user

Discussion in 'Programmer's Corner' started by strantor, Jun 23, 2015.

  1. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    I've written a Python script which logs in to my toll road account and retrieves my balance, then logs into my email and sends my balance to my phone as a text message. I have the script set up on a windows 8 machine as a scheduled task to run at a specified interval, whether I am logged on to the PC or not (my PC admin login & password are stored in the scheduled task, to run as admin - PC login password encrypted/otherwise secured by whatever means Windows uses).

    The Python script accesses my logins for the toll and email accounts from an unencrypted text file on my C:\ drive. I'm not keen on leaving unencrypted files with my sensitive login info lying around.

    Is there any way I can encrypt the password file by user? What I mean is:
    If another user logs onto my PC and opens the text file, it will be encrypted.
    If someone hacks my computer and opens the text file, it will be encrypted.
    If I log onto my PC and open the text file, it will be unencrypted
    If someone else or nobody is logged onto my computer and scheduled task runs, using my username and password, the text file will be unencrypted for my script.

    Any input welcome. If you have some other idea about the way the encryption should work then please suggest.
    Thanks
     
  2. Alec_t

    AAC Fanatic!

    Sep 17, 2013
    5,797
    1,103
    Can't you encrypt your login details in a way known to you (not to Windoze), save the encrypted versions in the text file and use the Python script to decrypt them?
     
  3. jrap

    Administrator

    Jun 25, 2006
    961
    200
    You could encrypt & decrypt the files using Python (https://pypi.python.org/pypi/simple-crypt). Encrypt it once, and then any time you execute the script, it opens the file and decrypts it on the fly.

    Of course, the encryption 'password' would be stored in your python file, so anyone with a little bit of programming knowledge could theoretically decrypt the file. Perhaps keeping the two files 'far' apart in your directory structure would help prolong the cat&mouse game if someone really wanted in :)
     
  4. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    yes, but then the plain-text python script (the decryption key) would be sitting right there on the same drive as the encrypted file. Granted I could put them in separate folders far away from each other, but still.

    I was hoping there was some kind of Python function which can return a checksum or hash of the password for the currently logged-in user; then I could use that as the decryption key.

    I can use getpass.getuser() and this returns "strantor" - verifying that (I, strantor) am the currently logged on user, and I could use the result ("strantor") as the decryption key. But then someone could easily just replace "getpass.getuser()" in my code with "strantor" and have my script decrypt the file for them.

    I want some way of querying windows about the currently logged-on user, which returns consistent data that is unknown (password) to anyone but the user, without making the user input his/her password.
     
  5. djsfantasi

    AAC Fanatic!

    Apr 11, 2010
    2,802
    832
    Use Windows system or environment variables. In python, the function is os.environ.get() (or one of its variants. Disclaimer: not a Python programmer, but that's what Google returned to me as a function) I've used environment variable functions in many Windows scripts. In your example, I'd access the system environment variable 'USERNAME', and then use it as you have proposed.

    An example from stackoverflow is "print os.environ.get('USERNAME')".
     
  6. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    Tested: os.environ.get('USERNAME')
    It works, and returns: strantor
    Same result as getpass.getuser(), and could be used in the same way, for the same result.
    Problem remains the same: someone could easily just replace "os.environ.get('USERNAME')" in my code with "strantor" and have my script decrypt the file for them.
     
  7. jrap

    Administrator

    Jun 25, 2006
    961
    200
  8. WBahn

    Moderator

    Mar 31, 2012
    17,743
    4,789
    You are talking about a very hard problem -- one of the sayings in the information security world is that if you give the adversary physical access to your machine, they own it.

    Also keep in mind that the goal is almost never absolute security, because that is almost never achievable. The goal is to get security that is good enough to protect the target data long enough so that the costs of a security breach are low enough as to be acceptable.
     
  9. atferrari

    AAC Fanatic!

    Jan 6, 2004
    2,648
    762
    Or the time it could take to be of any practical use.
     
  10. NorthGuy

    Active Member

    Jun 28, 2014
    603
    121
    Simply right click on the file and select Properties, then select "encrypted". Overwriting the file will keep it encrypted. But if you delete and re-create it, the encryption is gone.

    You may need Windows Professional for that.
     
  11. sirch2

    Well-Known Member

    Jan 21, 2013
    1,008
    351
    Why not just log into the toll account from your phone?

    Or failing that, do it the other way around, put a webserver on your PC which you access from your phone and enter a username/password and have it retrieve the toll data.
     
  12. vpoko

    Member

    Jan 5, 2012
    258
    47
    This. If you do this, the file will be transparently decrypted if it's opened under the context of the owner, otherwise it won't be readable. Be careful of what avenues for attack there are running under that same context. E.g., if you have a SQL Server instance running under the same username as the owner of the file, and someone somehow manages to compromise it, it could serve as a path to get the unencrypted file. You might want to create a special account on your PC just to serve as the owner of the file and run the script.
     
  13. NorthGuy

    Active Member

    Jun 28, 2014
    603
    121
    That's exactly what the OP requested.
     
  14. vpoko

    Member

    Jan 5, 2012
    258
    47
    Yes, I was just reiterating that your answer is exactly what he was looking for (and pointing out some of the shortcomings of what he was looking for).
     
  15. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    I don't have this option. Also you are correct it is not available to the "lower" version of windows.
    I would like to make this script available to other people, so as portable as possible across windows versions

    I am now considering dropping an encryption key into the registry @ HKEY_CURRENT_USER\.
    AFAIK there is no way to see the contents of HKEY_CURRENT_USER\ unless you are the current user (no way to see the contents of other people's HKEY_CURRENT_USER\).*
    *of course, there is probably some way to see it with enough hacking skill, but I assume Microsoft took steps to prevent it.

    Am I correct about this? Or can it easily be seen? I made a test registry entry in there under one profile and couldn't find it from another profile.
     
  16. djsfantasi

    AAC Fanatic!

    Apr 11, 2010
    2,802
    832
    AFAIK, you won't be able to access another user's registry entries.

    Perhaps there might be a way, if permissions could be overridden, the binary format of the .DAT file containing the hive could be read, and you know the other user.

    HKEY_CURRENT_USER is created each time a user logs in, and its settings are stored in NTUSER.DAT filed under the user's profile. More information is available in this Technet article.
     
  17. vpoko

    Member

    Jan 5, 2012
    258
    47
    I think it's pretty straightforward to view other users' keys if the user doing it is an admin. You just open regedit, go to HKEY_USERS, and then go to File->Load Hive.

    What about creating an account specifically for this purpose, leaving the file unencrypted, but changing the permissions so it's only viewable by the special account (though an admin could take ownership and then change the permissions). This would protect you from attempts to access it remotely. If you're worried about someone getting physical access to your PC, though, you're looking at a much more challenging problem, like WBahn said, since you have to store your key somewhere on that same PC.
     
  18. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    Yep, you're right. Dangit.
    I'm thinking of this from the perspective of someone else, who might not be all that computer literate, trying to implement my program. I don't want to have an installation procedure so involved that it turns people away. Considering the installation steps already involved, I think creating new user profiles (easy as it may be, for you or me), would be over the top. But that may be my only choice. I want to explore more options before settling for this solution.

    It feels to me that there should be some kind of unique identifier for the current user. One that is not visible to other users (other than by skilled hacking).

    In my mind's eye, it should look like this simplified pseudo code:

    Code (Text):

        import os
        import encryption  # placeholder module name (pseudocode)

        passwordlist = []

        currentUser = os.environ.get('USERNAME')
        # pseudocode: hypothetical calls, os.environ has no such functions
        uniqueUserIdentifier = os.environ.getPasswordHash(currentUser)
        #-or-
        uniqueUserIdentifier = os.environ.getSomeLoginConfirmationChecksum

        with open('encryptedFile.txt', 'r') as enc_file:
            unenc_file = encryption.decrypt(enc_file, key=uniqueUserIdentifier)
            for line in unenc_file.readlines():
                passwordlist.append(line)

    Now I'm pretty sure Windows isn't going to voluntarily hand over a password hash, so I can probably nix that idea. But I still want to believe that there must be some sort of unique and consistent identifier that only occurs when a certain user is logged in.
     
  19. vpoko

    Member

    Jan 5, 2012
    258
    47
    Windows does have a unique ID for every user (the SID), but it's easy to determine for any user. It's in the format S-1-5-21-191058668-193157475-1542849698-1000, where the last 4 digits are incremented for each new user on the machine and everything else is machine specific.

    One other option: what if the user specifies a password that corresponds to a key when they install your product. Every time they launch your product, they have to enter that password. The file containing their Toll Road password is then decrypted and the Toll Road password is loaded into memory, from which it's used until the application is stopped. There are certainly attack vectors that would be useful against this system, but that's true for any system, and for anything more complicated, you'd probably want to hash out what attack vectors you want to defend against and then define your solution based on that analysis.
     
  20. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    Right, I did find out about the SID, and I may yet use that. But it is plainly visible in the registry to any user who knows how to open regedit. Better than nothing I suppose.

    Yes that's the best and most secure way I believe. But I wanted to have the script run automatically, at the desired interval, by Windows' own task scheduler. Run once, and then be done until next scheduled run, not continue running, and not requiring a password entry each time. But perhaps I can make it so that it pops up every time the computer is turned on and asks for a password, then it goes invisible and runs on its own internal scheduling independent of Windows' task scheduler.
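
The password option from post 19, which the post above weighs, as an added example that is not code from any poster in this thread. It uses only the standard library, with HMAC-SHA256 in counter mode standing in for a vetted AEAD such as AES-GCM so it runs without third-party packages; the function names, iteration count and blob layout are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def _keys(password: str, salt: bytes):
    """Stretch the password once, then split into separate enc/MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (stand-in cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag; nothing secret is stored."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(password: str, blob: bytes) -> bytes:
    """Check the tag before decrypting; fail on a wrong password or edited file."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified file")
    return _xor_stream(enc_key, nonce, ciphertext)

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    blob = seal("correct horse", b"toll_user=alice\ntoll_pass=constructed\n")
    print(unseal("correct horse", blob).decode())
```

The key exists only while the process holds the typed password, which is why this fits the run-at-startup design in the post above and not an unattended scheduled task.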
     