Question

I have an app which requires keeping multiple user passwords, with the requirement that they be recoverable.

I'm thinking about encrypting the passwords using the master password + another encryption mechanism.

The key for the encryption will be kept in an external system and can be retrieved using an API. The thing is, I'm not sure if:

  1. This method is secure enough
  2. Which additional mechanism should I choose for the encryption.

Thanks.

EDIT: I know it's closed... but I do want to clarify - I have to have the ability to decrypt; this is a major part of my app... With that being said, I think I got my answer with the AES algo. I don't need hashing since hashing is irreversible.


Solution

Stack Overflow is a forum for helping you with coding issues.

This question is more suited to the security forum.

That said, there are some standardized guidelines for encryption.

When implementing a symmetric encryption cipher, it's best to use the AES Algorithm. This is the most secure symmetric key block cipher to date, and is the standard for what we currently consider as "protected".

If you're looking to hash passwords, which is the standard for password storage, then there is no need for a key. Use the SHA1 algorithm. In terms of the size of the output, it is the more secure hashing algorithm that is currently in use. Other options are SHA256 and SHA512.

Edit: Oh the times they are a changing. And so are the hashing algorithms! People are moving from the SHA family of hashing algorithms to Bcrypt, which has several other features like introducing a cost factor to protect against rainbow tables.

OTHER TIPS

i'm not sure if [...] This method is secure enough

No, it isn't. Any method of password storage that allows the recovery of a password rather than a secure method of resetting it is not considered to be 'secure' by most. Additionally, how is the user sent their 'recovered' password? Because using email to do this is just about the worst possible method.

If you cannot get around having to be able to "recover" the password, then what you want is asymmetric [aka public key] encryption. The password would be encrypted by the public key and stored in the database for comparison. The private key should be kept separate, ideally offline on a memory stick in a safe, and protected by at least one password, if not two or more passwords held by separate people.

As others have mentioned this question is better suited to http://security.stackexchange.com than here, but it has already been asked many times, and you will get more strongly-worded encouragements about not doing it this way at all rather than solutions.

Here is your mandatory read: You're Probably Storing Passwords Incorrectly

Now, on the question of how to store ciphered passwords. Don't. Store hashed passwords.


You are probably asking to solve the wrong problem. I suspect you want to create a feature to recover passwords... in that case I'll send you to one of my previous answers if you don't mind.


As an alternative, you may be wanting to store multiple keys for a single user on a client machine. If this is what you want, then your best bet is to secure it with the security that the operating system offers you. You should not expect to do better than ciphered files for the user provided by means of the operating system.


Otherwise, you are basically designing the way over which all of the stored passwords are going to be stolen. Either because what is considered secure now may no longer be considered secure tomorrow, or because we are humans (right?) and we can commit mistakes.

Anyway, your security will be at best as strong as the authentication process of the secondary API (I mean, the one to retrieve the key to decipher the passwords). You do mention Java; what are the chances of your Java code being reverse engineered to discover how to get the passwords?

PHP supports SHA1, manual: http://php.net/manual/en/function.sha1.php

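    <?php
    // Input string, as in the PHP manual's sha1() example
    $str = 'apple';

    // Compare the hex digest of $str with the expected SHA1 value
    if (sha1($str) === 'd0be2dc421be4fcd0172e5afceea3970e2f3d940') {
        echo "Would you like a green or red apple?";
    }

And a Java SHA1 example: http://www.herongyang.com/Cryptography/SHA1-Message-Digest-in-Java.html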

You can combine SALT + PSK(SHA1) with AES encryption.

I recommend using a SYSTEM SALT (generated SHA512 key on system + SALT on user + PSK SHA512 for login).

Or better use PBKDF2 if you can't use either, bcrypt or scrypt with SHA2.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow