Databases
StackOverflow2013
Postsdbo
POUsing asymmetric encryption to secure passwords
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POUsing asymmetric encryption to secure passwords
    text
    copied!<p>Due to our customer's demands, user passwords must be kept in some "readable" form in order to allow accounts to be converted at a later date. Unfortunately, just saving hash values and comparing them on authentication is not an option here. Storing plain passwords in the database is not an option either of course, but using an encryption scheme like AES might be one. But in that case, the key to decrypt passwords would have to be stored on the system handling authentication and I'm not quite comfortable with that.</p> <p>Hoping to get "best of both worlds", my implementation is now using RSA asymmetric encryption to secure the passwords. Passwords are salted and encrypted using the public key. I disabled any additional, internal salting or padding mechanisms. The encrypted password will be the same every time, just like a MD5 or SHA1 hashed password would be. This way, the authentication system needs the public key, only. The private key is not required.</p> <p>The private key is printed out, sealed and stored offline in the company's safe right after it is created. But when the accounts need to be converted later, it will allow access to the passwords.</p> <p>Before we deploy this solution, I'd like to hear your opinion on this scheme. Any flaws in design? Any serious drawbacks compared to the symmetric encryption? Anything else we are missing?</p> <p>Thank you very much in advance!</p> <p>--</p> <p><em><strong>Update:</em></strong> In response to Jack's arguments below, I'd like to add the relevant implementation details for our RSA-based "hashing" function:</p> <pre><code>Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Cipher rsa = Cipher.getInstance("RSA/None/NoPadding"); rsa.init(Cipher.ENCRYPT_MODE, publicKey); byte[] cryptRaw = rsa.doFinal(saltedPassword.getBytes()); </code></pre> <p>Having quickly skimmed over the paper mentioned by Jack, I think I somewhat understand the importance of preprocessing such as OAEP. Would it be alright to <strong>extend my original question</strong> and ask if there is a way to apply the needed preprocessing and still have the function return the same output every time for each input, just as a regular hashing function would? I would accept an answer to that "bonus question" here. (Or should I make that a seperate question on SOF?)</p> <p>--</p> <p><em><strong>Update 2:</em></strong> I'm having a hard time accepting one of the present answers because I feel that none really does answer my question. But I no longer expect any more answers to come, so I'll accept the one that I feel is most constructive.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload