Open Source Client Application Security and SqlLite Suggestions...
-
I am developing a client-side application that will be storing the user's passwords to connect to multiple different servers. Normally I could hash a user's password and compare their input(hashed and salted) to a hash already stored, but they are not logging in to the local application, they are logging in to the server they're connecting to.
So far I've read about encrypting/decrypting the sqlite database for read/writes and various other string encryption methods. But since the project will be open source I'm not sure how to go about this sort of stuff.
I'm aware that if an experienced cracker got a hold of the local machine there's nothing that will really stop them, but I'd still look it to be "secure enough". The user's password is the only sensitive data that the application would be storing.
I'd be most grateful for suggestions on how to tackle this problem. Thanks!