How to create a protected file

16 visualizaciones (últimos 30 días)
Adrián Lascurain
Adrián Lascurain el 28 de Mayo de 2023
Comentada: Adrián Lascurain el 1 de Jun. de 2023
I'm currently building a log in app in appdesigner and i need to manage users and passwords within the app, I already found a way to hash the passwords , I just want to know if is there some way to create a file where the hashes are stored in a secure form? like a read only file or a protected file that can not be modified.
I would appreciate your help and thanks in advance.

Respuesta aceptada

Walter Roberson
Walter Roberson el 28 de Mayo de 2023
Not really.
You can embed a SoC kind of computer within a tamper-resistant covering that would be likely to break with all of the common methods of removing the covering. You know the kind, ultra hard resin infused with metal flakes designed to scatter x-rays and ruin MRI. I really don't know the current technologies.
  2 comentarios
Walter Roberson
Walter Roberson el 28 de Mayo de 2023
You can do something like use public key encryption of the hash file, and store the decryption key in the executable, hoping that the attackers are not able to figure out the encryption key for the file, so that if the attackers modify the (encrypted) file the program would find that the CRCs of the decrypted data do not match what is expected.
But... that process is only as secure as how hard it is to work out the encryption key, or to compromise the security of a system that has the encryption key stored.
You can store the file in Write Once Read Many (WORM) storage... but how can your program be sure that the WORM storage device has not been replaced with an in-memory copy that has been modified ? Unless, that is, you are working with hardware-encrypted storage and have some way of verifying that the hardware is working and that attackers are not injecting fake data onto the bus lines when they detect a request to read the file...
Remember that when it comes to would-be-secure systems, that sufficiently determined attackers will be willing to literally have a CPU lie to you. For example, attackers have the resources to hack Intel internal CPU serial numbers so even tying your code to specific CPUs is not enough.
Adrián Lascurain
Adrián Lascurain el 1 de Jun. de 2023
Thanks a lot, it really help me with my problem

Iniciar sesión para comentar.

Más respuestas (0)

Categorías

Más información sobre Third-Party Cluster Configuration en Help Center y File Exchange.

Productos


Versión

R2022b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by