NYCPHP Meetup

[csnyder]

On 6/24/05, Flavio daCosta <nyphp at n0p.net> wrote:
> You could perhaps encrypt this _all important passphrase_ with the users
> password.  Then the process would be: User supplies password, this
> password is then used to decrypt the master passphrase, then the
> decrypted master passphrase is then used to decrypt the data in the db.

I like this idea in theory, and it might be an excellent solution for
medium-security data. But let's play with it.

If the passkey for decrypting the data is itself encrypted using the
user's password, and the user's password is not stored on the server
(only an md5 or sha1 hash is kept for verification), then this is safe
-- provided a realitvely strong password is used.

> 3) New user setup would be a manual process to get the initial
> (unencrypted) passphrase encrypted with their password.

But that's a good thing. If just anyone could come along a register as
a new user, then an attacker with shell access could just register and
then use his password to decrypt the passphrase, game over.

So for a limited userbase with known-strong passwords, this could
indeed be a workable solution. There's every possibility that we're
overlooking something, though.

-- 
Chris Snyder
http://chxo.com/