Talk:Top 10 2007-Insecure Cryptographic Storage

From OWASP
Revision as of 08:00, 29 September 2007 by Byteme (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

In reference to the suggestion than you should "Generate keys offline and store private keys with extreme care." How would I be able to do this if each of my user's has his own account in my web site's database and they each need to access their account information from time to time. Each Record is encrypted/decrypted with a different key which is dynamically created when the account owner wants to access their account information. Also, even if I went ahead and created the key off-line, I still need to store the key someplace, lets say in a database. The key needs to be accessable whenever a user wants to access their account. I just made the key available to anyone that has the ability to get a copy of my database(I'm referring mainly to hackers, although emoloyees can be a problem too). Lets say I go ahead and encrypt that key, well I now have the same problem, the key I used to encrypt that key needs to be stored in the database, so I would have to encrypt that key too and it would be a never ending cycle of key encrypting.

Is it an accepted practice to take pieces of data from fields(fields that won't change), that are not encrypted, from the user's account(their record in the DB) and transform that data into the key? The function that does this would have to be stored on the web server, and the file that the function is stored in could be pre-compiled, so if someone did manage to get a copy of that file, it would not be readable.