Encrypt password for storing

Question

I'm writing a little tool in C++ and I'm confusing about how to store the encrypted password in text file. I've searched the Internet. Popular advice about hashes is:

"The basic concept is that you take the password, use it to compute its hash, and then store that hash. Later, when the user enters the password to log in, you compute its hash again and compare the resulting hash to the stored hash."

But, I need to decrypt password to plain text. What should I do? Any advice, please.

Answer 1

In the scenario that you describe, hashing the passwords does not apply. Since you do need the plaintext password for the SMTP server, you have no choice but to store it in an encrypted way.

That said, I seriously hope you use SSL for the connection to your SMTP server, or else you need not worry about encryption at all as the password will be stolen on the network (much more likely than on your local computer).

The catch with encrypting a password so it can be restored is that if your program is able to do that without user intervention, then the decryption key must be stored in the executable (or in a data file), and thus everybody can in principle restore the original password.
It is very easy to make a password unreadable against casual inspection (such as when using a hex editor), but it is very hard (without user interaction: impossible) to do this in a way so it is unrecoverable.

If applicable at all, you should therefore not have the encryption key stored in the program or any such thing at all, but prompt the user once at startup for the key, which the program will then keep cached in memory for the remainder of its runtime. Be sure to lock (mlock under Unix, LockVirtualMemory under Windows) the page where the decrypted password will be stored, so it cannot be written to swap.

Other than that, it's pretty simple, you can use any kind of off-the-shelf algorithm. Since the cryptographic algorithm will most certainly not be the weakest link in your security chain, it does not matter too much which one you choose. You should of course still not deliberately choose a trivial-to-crack algorithm like a simple xor-encryption, but any somewhat serious algorithm like TEA, Blowfish or Twofish, or AES will do just fine.
I would probably just choose TEA since it's only half a dozen lines of code and is pretty much as good as "storing an encrypted plaintext password" can get, either way.

Answer 2

The basic principle, as described in the comments:

When a new user is added, the password is hashed, and the hash-value is stored.

When a user tries to log in, their password is hashed, and compared with the stored hash-value.

So in code, that would be:

void addNewUser(std::string name, std::string password)
{
    sometype hashValue = hashFunction(password);
    store(name, hashvalue); 
}

bool login(std::string name, std::string password)
{
    sometype hashValue = hashFunction(password);
    userdata = findUserData(name);
    if (userdata.hashValue == hashValue)
       return true;
    return false;
}

(Obviously, I've ignored some of the complexities with for example checking that there really is a user with that name, etc)

Edit: Of course, if you need to send the password in plain text, you need a reversible encrypption. There are plenty of those around too.

This subject here covers general encryption algorithms (and mentions hashes): Top Hashing and Encryption Algorithms?

Of course, it really depends on what you are trying to achieve, and who gets to see the encrypted data and keys. If you are storing things on your local computer, no big deal, use some encryption that makes sense to you, and store the key inside the code you are writing. If your code will be distributed such that others that may be interested in the stored passwords, then you will need to do something better... And here, as larsks says in the comment, the real problem is that you are distributing the passwords and the encryption key and it's algorithm, so anyone that can do a bit of reverse engineering [or network snooping] can get the the passwords.