All geek questions in one place

Storing passwords in the database when hashing is not applied

There are many questions about stack overflows on how to store user passwords, and, of course, a general tip is to hash passwords and compare hashes.

However, imagine that you are creating an intranet application (such as SharePoint) that people deploy in their environment. And suppose that accessing an external service via HTTP requires a username and password combination (solutions that rely on API keys or federated security are not supported).

In this case, we cannot use the password, because we will need to pass the original password to the web service that we call. Encryption will be the second best solution, but what will we use for the encryption key? If the attacker compromised the database, presumably they will have access to which key is used to encrypt data in the first place?

If you really need to get a plaintext version of a stored password, how would you approach the problem in the safest way?

+4
source share
3 answers

This is a really interesting question. I am joining.

You must encrypt it when storing it. No matter how you look at it, this is better than storing it in plain text. Let it be said that the attacker discovers that the SQL injection declares db, it still does not hold the encryption key. On the other hand, if he gets access to the server, he will probably also find the encryption key.

To improve it a bit, you can save the encryption key in the server configuration. Assuming you are using Apache, you can use SetEnv .

I need to enter the encryption key in my environment when Apache starts, then it is saved as the en environment variable, so the key is not actually stored anywhere on my server.

There is no way if you do not require the user to enter a key to decrypt the password, on which you will be 100% more secure.

+2
source

You can generate the encryption key from the user password. (Not their password for the external service - their password is for your service.) Since you do not store your password in text form, an attacker who compromised your database will not be able to decrypt the passwords. The downside is that you have to ask them for a password (for your service) when you need an external password.

+2
source

Your question is upside down. The problem is not how to allow the consumer to "view" the password; the problem is how to allow the consumer to authenticate.

Your implementation provides the means by which the consumer can provide a password and username and receive either "yes" or "no." Then you continue to store encrypted (non-hashed) passwords in the database.

+1
source

Source: https://habr.com/ru/post/1388527/

More articles:


All Articles