>I am designing a program mostly for home use, but I may offer it as freeware. I am a little worried about saving the password to the registry without some form of encryption. Is there anything I can use to make the password safer.
>
>Tim

FWIW, I think the best way to 'store' a user's password in the registry is to use some kind of proprietary encryption algorithm. You could dream up your own if you feel like it. However, depending upon your security needs, you could start off with a well-known and widely availble algorithm.

Personally, I'd use a one-way hash function, preferably MD5. I'd combine the user's password with some other esoteric characters, maybe something culled from the machine's ROM, and apply MD5 to that, then store the resulting hash value to the registry. Then, when verifying passwords, simply do the same steps and compare with the value already in the registry.

Note that this is NOT guaranteed to be fool proof (nothing ever is). A determined hacker could step through your code to figure out how you 'mangle' the password, then simply apply your algorithm to his own password then overwrite the hash value in the registry.

For that matter, a really determined hacker could do that even with a really complex proprietary encryption algorithm. It all depends upon what your security needs are, how far you're willing to go, and how far the 'enemy' is willing to go with you. ;)