Re: 2 Keys decrypts same message

From: 小葉南洋杉 (john65537_at_yahoo.com.tw)
Date: 07/08/03


Date: 7 Jul 2003 19:32:28 -0700

jbachler@eudoramail.com (Jorge) wrote in message news:<6dc1ad49.0307070730.5f598756@posting.google.com>...
> Thanks for the answers!
>
> My problem is the following, I have a database
> that needs to be encrypted.
> Some of the rows need to be accessed (decrypted)
> by one person and other by another person, etc.
> I'm talking about 1 million rows and 200 users.
>
> My idea is to encrypt using a password for each user,
> but in the case (very probable) that the user
> forgets the password I need to be able to decrypt
> the data encrypted with his/her password.
>
> I don't want to encrypt each row twice (with an admin password
> and user password) because it will be twice the space.
>
> I don't want to use a *master* key to encrypt every
> row, and encrypt this master key with each user password,
> because user passwords can be weak and compromise all the
> data (not only the user one).
>
> That's why I wanted to decrypt the same data with two
> different keys.
>
> As suggested, I might generate a random Key for each set
> of rows and encrypt the key with the admin password and
> the user password. Then use that key for the set of rows.
>
> Does anyone have a better idea?
>
> Thanks!
>
> Jorge
>
>

How about encrypting each user's row with his/her password first, then
encrypting the cipher AND that password with the master key?
When a user forgets his/her password, the master key can decrypt and retrieve
the lost password, then decrypt/retrieve the data row.
However, this scheme may suffer from:
   Secure storage of the master key, and
   Known-plaintext attacks on the master key.
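
The per-row-set random key approach mentioned in the quoted message, as an added example that is not part of the original thread: one random key per set of rows, wrapped once under the user password and once under the admin password. All function names are hypothetical, and the HMAC-SHA256 counter-mode encrypt-then-MAC construction is a standard-library stand-in for an AEAD such as AES-GCM, chosen only so the sketch runs without third-party packages.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; an assumed value for this sketch

def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode, a stdlib stand-in for a real cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc_key, body[:16], body[16:])

def wrap_key(password, data_key):
    """Wrap a row-set key under a password; returns salt || sealed key."""
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + seal(kek, data_key)

def unwrap_key(password, wrapped):
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), wrapped[:16], ITERATIONS)
    return open_sealed(kek, wrapped[16:])

def reset_user_password(admin_password, admin_wrap, new_password):
    """Forgotten password: recover the key via the admin wrap and re-wrap it.
    The encrypted rows themselves are not touched."""
    return wrap_key(new_password, unwrap_key(admin_password, admin_wrap))
```

Each row set stores two 96-byte wrapped keys regardless of how many rows it holds, and a guessed user password yields only that row set's key.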


