[nycphp-talk] Data encryption on ISP server
Flavio daCosta
nyphp at n0p.net
Fri Jun 24 21:35:33 EDT 2005
On 06/24/2005 05:42 PM, Frank Wong wrote:
--clip--
> However, my concern is where and how I
> store this all-important pass-phrase, since it is the key that opens all
> doors.
Although the suggestion of dedicated hosting sounds better, here is a
possible solution:
Multifactor encryption.
You could perhaps encrypt this _all important passphrase_ with the user's
password. Then the process would be: User supplies password, this
password is then used to decrypt the master passphrase, then the
decrypted master passphrase is then used to decrypt the data in the db.
If you have multiple users, you could keep the user identification and
their version (passphrase encrypted by user password) in an un-encrypted
data store. If they need to change their password, you could decrypt
the passphrase with their old password; encrypt passphrase with new
password and stash back in data store.
A few caveats:
1) Not as secure as dedicated hosting.
2) If the master passphrase must be changed, all users must update their
passwords.
3) New user setup would be a manual process to get the initial
(unencrypted) passphrase encrypted with their password.
*****ok, so I shot this off the top of my head so take it with a grain
of salt and a word of caution! If there are flaws, I am sure one of the
sharp people on this list will point them out. ;)
YMMV
Flavio
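
The wrapping scheme described in the message above, as an added example that is not part of the original post. It assumes PHP 7.2+ with the sodium extension and wraps a random master key rather than a typed passphrase; all function names, user names and passwords are hypothetical.

```php
<?php
declare(strict_types=1);

// Derive a wrapping key from the user's password (libsodium's memory-hard pwhash).
function derive_wrapping_key(string $password, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $password,
        $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Encrypt the master key under the user's password. The returned record is
// what goes in the unencrypted per-user data store.
function wrap_master_key(string $masterKey, string $password): array
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $kek   = derive_wrapping_key($password, $salt);
    $box   = sodium_crypto_secretbox($masterKey, $nonce, $kek);
    sodium_memzero($kek);
    return ['salt' => bin2hex($salt), 'nonce' => bin2hex($nonce), 'wrapped' => bin2hex($box)];
}

// Recover the master key. A wrong password or a tampered record fails authentication.
function unwrap_master_key(array $record, string $password): string
{
    $kek = derive_wrapping_key($password, hex2bin($record['salt']));
    $key = sodium_crypto_secretbox_open(hex2bin($record['wrapped']), hex2bin($record['nonce']), $kek);
    sodium_memzero($kek);
    if ($key === false) {
        throw new RuntimeException('wrong password or corrupted record');
    }
    return $key;
}

// Password change: unwrap with the old password, re-wrap with the new one.
function change_password(array $record, string $old, string $new): array
{
    return wrap_master_key(unwrap_master_key($record, $old), $new);
}

// Constructed sample data: two users holding the same master key.
$masterKey = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$store = ['alice' => wrap_master_key($masterKey, 'alice-old-pw'), 'bob' => wrap_master_key($masterKey, 'bob-pw')];
$store['alice'] = change_password($store['alice'], 'alice-old-pw', 'alice-new-pw');
var_dump(hash_equals($masterKey, unwrap_master_key($store['alice'], 'alice-new-pw')));
var_dump(hash_equals($masterKey, unwrap_master_key($store['bob'], 'bob-pw')));
```

The master key exists in plaintext only in memory while a request is being served, so anyone who can read the web server's process memory can still read it.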