tags:

views:

26

answers:

2
Q: 

Which encoding for storing decodable passwords?

I'm building a web service which takes credentials for other services and polls these on the users behalf. Ie - consider an email aggregation service - polls your accounts at various different email providers, and collates them in a single list.

In this scenario, passwords provided by the user must be able to be decrypted by the webapp, so they can be passed to various services' for authentication.

How should I store these passwords?

I've read various posts on SO about storing passwords in db's (the answer is always 'don't'.), but in this instance I can't see an alternative. (suggestions welcomed though)

A: 

You could store the hash of the passwords using a secure cryptographic hash such as the SHA series (SHA-1, SHA-512, etc.). Then, to authenticate, hash the inputted password and compare it with the stored hash. That way, you never store the actual password there - only a (generally) non-reversible hash.

Delan Azabani  2010-08-18 11:40:31
-1 missing the point. I'd subtract another 1 if I could, since you forgot about salting.
tc.  2010-08-21 08:56:14
If I'm missing the point, then what is the point exactly?
Delan Azabani  2010-08-21 09:01:08
The point is that Gmail can check your other mail accounts for you. It does this by knowing your plaintext password.
tc.  2010-08-21 09:12:51
A: 

Let's clarify something here: The server must be able to recover the plaintext password.

Consider some things you might do:

  • Encrypt the passwords with a key. Store the key in a config file.
  • Encrypt the passwords with a smart card/black box.
  • Encrypt/decrypt the passwords with the aid of another server by sending HTTPS requests.
  • Encrypt the key with a key in RAM. Use mlock() to stop it from being swapped to disk. Hope that you don't have to restart.

None of them help you if the attacker has root (but nothing does). Most of them don't help you if the attacker cuts the power and steals the boxes (RAM is not as non-volatile as you'd like for the purpose).

What attacks are you trying to defend against? What attacks are you ignoring?

One possibility is to encrypt passwords with a key derived from the user's password (like OSX's Keychain, and Windows's equivalent password-storage which nobody uses). When the user is logged on to your web service, you can keep the key in the session (or XOR it with a one-time pad and store the pad in a cookie, and only recover the key when the user sends a request). This makes stealing external passwords from a database backup at least as difficult as cracking the user's password. It doesn't help much against the others, though.

tc.  2010-08-21 09:11:50

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords