Question

I use the password not only for sign-in but also for encryption, and the sign-in password is encrypted with MD5. If I lose or forget the password, how can I decrypt my data?

For example, a user signs in with password = 1234. If signed in, the data is decrypted using that password.

I don't want to save the password in the user data, for user privacy reasons. I want users to believe their data can only be read by themselves.

If the user changes the password, how can I decrypt the encrypted data? Because the password is the key for encryption and decryption.

Thanks.

Solution

If you are using the password as a decryption key, and you lose the password, then there is no way to recover the data. If you use that approach, then you need to be very careful to not lose the password.

In this particular case, you could try to brute force the MD5ed copy of the password. MD5 is very weak, and unsuitable for storing hashed passwords.

OTHER TIPS

In your current scheme it is obviously not possible to do this. You may be able to work around it though. What you would need is to add additional layers to your approach.

First of all, encrypt the user data with a randomly generated key. This key would be the data encryption key. Now you are able to encrypt this key with any other key or keys. One of these keys would be generated from the user's password (sent over SSL, using PBKDF2 at the server to derive the key from the password).

Now you can think of alternative schemes to decrypt the data encryption key. One would be to use a key derived from a standard password recovery phrase (name of pet + age of mother). Another would be to encrypt the key with a public key and securely store the private key in a vault. The safety of the encrypted data key is of course equal to the least safe key encryption key.

Encrypting data is a pretty big step to take. A user can never be sure that you don't do anything with the data, as you are the one providing the (web-)application. Thinking that the user should not be able to trust you is therefore a contradiction in itself. It is probably more worth the cost to think about safety of the data against attack (database security), theft protection etc.
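The layered scheme from the answer above (a random data encryption key, wrapped once under a password-derived key and once under a recovery-phrase key), as an added example that is not part of the original posts. It uses Node's built-in `crypto` module; the function names, the record layout, the choice of AES-256-GCM and the iteration count are assumptions.

```javascript
// Added example: envelope encryption with Node's built-in crypto module.
const crypto = require('crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware

// AES-256-GCM encrypt; returns IV, ciphertext and auth tag together.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// AES-256-GCM decrypt; throws if the key is wrong or the data was modified.
function unseal(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Wrap the data encryption key (DEK) under a key derived from a secret via PBKDF2.
function makeSlot(secret, dek) {
  const salt = crypto.randomBytes(16);
  const kek = crypto.pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, 32, 'sha256');
  return { salt, wrapped: seal(kek, dek) };
}

function unwrapSlot(secret, slot) {
  const kek = crypto.pbkdf2Sync(secret, slot.salt, PBKDF2_ITERATIONS, 32, 'sha256');
  return unseal(kek, slot.wrapped);
}

// Encrypt user data under a random DEK, then wrap the DEK once per secret.
function createRecord(password, recoveryPhrase, data) {
  const dek = crypto.randomBytes(32);
  return {
    data: seal(dek, Buffer.from(data, 'utf8')),
    slots: { password: makeSlot(password, dek), recovery: makeSlot(recoveryPhrase, dek) },
  };
}

// Password change or reset: unwrap the DEK via any slot, re-wrap under the new password.
function setPassword(record, slotName, secret, newPassword) {
  const dek = unwrapSlot(secret, record.slots[slotName]);
  record.slots.password = makeSlot(newPassword, dek);
}

function readData(record, password) {
  return unseal(unwrapSlot(password, record.slots.password), record.data).toString('utf8');
}
```

A password change only re-wraps the 32-byte data key, so the stored ciphertext of the user data is never re-encrypted. Only the salts and wrapped keys are persisted, not the password or the recovery phrase.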

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow