In a situation like this, as DokFLeed mentioned, it seems you are trying
to protect the users private data from being exposed in case the
database itself is somehow copied. If you're storing the key to the
users private data in the database, then this offers no protection.
If you don't intend to ever access the users private data when they
aren't logged in, e.g. via some kind of automated background process,
then use their password to compute a new hash that is used as the
encryption key, and don't store it.
During login the user submits their password to your system (or they
submit the hash, or a challenge response. See the login mechanism for
the Simple Machines Forum for an excellent example of this for the web).
Once you have authenticated their login, you compute a new hash used to
encrypt/decrypt their private data on demand; you could use
MD5(password) for the login authentication and SHA1(password) for the
encryption key; both salted of course.
As long as you never save or store the plaintext password or the SHA1
hashed password in the database, then their encrypted data is safe even
if the database is copied or otherwise compromised.
If you do need to access their 3rd party accounts when they aren't
actively logged into the system, then I would suggest a keyserver
separate from the database to set/get the encryption key for your users.
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Hart, Lee Anne
> Sent: Thursday, September 24, 2009 08:52
> To: 'crypto (at) securityfocus (dot) com [email concealed]'
> Subject: Sufficient Encryption?
>
> Hi,
>
> I'm currently conducting a web application security assessment and
> would like this groups opinion on an encryption question. This
> particular application is a web portal and it "facilitates"
> authentication to other external web applications by storing the
> external web apps passwords (stored in the Secret Store). To store
> these external passwords, the system encrypts the passwords with a key
> that is based on the user's system login password (currently there are
> no password restriction so the password can be weak). The Secret Store
> encryption employs 128-bit RC4 using an encryption key that is derived
> from the MD5 hash of the user's static ID and login password.
>
> In your opinion is this level of encryption sufficient? The web
> application and external web applications do store sensitive
> information about users, in this case they are students attending
> college.
>
> Thank you!
> Lee Anne
to protect the users private data from being exposed in case the
database itself is somehow copied. If you're storing the key to the
users private data in the database, then this offers no protection.
If you don't intend to ever access the users private data when they
aren't logged in, e.g. via some kind of automated background process,
then use their password to compute a new hash that is used as the
encryption key, and don't store it.
During login the user submits their password to your system (or they
submit the hash, or a challenge response. See the login mechanism for
the Simple Machines Forum for an excellent example of this for the web).
Once you have authenticated their login, you compute a new hash used to
encrypt/decrypt their private data on demand; you could use
MD5(password) for the login authentication and SHA1(password) for the
encryption key; both salted of course.
As long as you never save or store the plaintext password or the SHA1
hashed password in the database, then their encrypted data is safe even
if the database is copied or otherwise compromised.
If you do need to access their 3rd party accounts when they aren't
actively logged into the system, then I would suggest a keyserver
separate from the database to set/get the encryption key for your users.
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Hart, Lee Anne
> Sent: Thursday, September 24, 2009 08:52
> To: 'crypto (at) securityfocus (dot) com [email concealed]'
> Subject: Sufficient Encryption?
>
> Hi,
>
> I'm currently conducting a web application security assessment and
> would like this groups opinion on an encryption question. This
> particular application is a web portal and it "facilitates"
> authentication to other external web applications by storing the
> external web apps passwords (stored in the Secret Store). To store
> these external passwords, the system encrypts the passwords with a key
> that is based on the user's system login password (currently there are
> no password restriction so the password can be weak). The Secret Store
> encryption employs 128-bit RC4 using an encryption key that is derived
> from the MD5 hash of the user's static ID and login password.
>
> In your opinion is this level of encryption sufficient? The web
> application and external web applications do store sensitive
> information about users, in this case they are students attending
> college.
>
> Thank you!
> Lee Anne
[ reply ]