Re: Newbie - Are You Sure That's the Correct Pass Phrase?
- From: Larry Lindstrom <nobody@xxxxxxxxxxx>
- Date: Wed, 05 Jul 2006 09:51:49 -0700
Civitas Fenniae wrote:
On 5-Jul-2006, Larry Lindstrom <nobody@xxxxxxxxxxx> wrote:
Civitas Fenniae wrote:
On 5-Jul-2006, Larry Lindstrom <nobody@xxxxxxxxxxx> wrote:
Yes. If the user name and password match I ask for the pass
phrase. The pass phrase is run through PKCS # 5 algo 2. This
produces the crypto key for certain columns in database accesses.
Sorry, my mistake, I thought passphrase was used when the user signs in. So
you have a (different) password for that purpose. So the passphrase is not
needed before the user uses the application.
Thanks again Civitas, and all who are trying to help me:
I'm still very inexperienced in this crypto stuff. You folks
have been there. I'll defend my plan so you have a stationary
target to shoot at in order to expose its weaknesses. I'll be
glad to change my approach.
User name and matching password gains access to the program.
The user can change their password whenever they want, and their
user name can be removed.
The pass phrase encrypts the information, so someone who gains
access to the database, and uses a command line SQL tool to query
the data, will see the sensitive fields in the table in cyphertext.
I'm using the LibTomCrypt crypto library.
Yes. The pass phrase is used to generate the key.
So you use the same passphrase to encrypt the data?
I'm reading "Practical Cryptography" by Ferguson and Schneier.
Skipping ahead to the "Storing Secrets" chapter, it is apparent
that having a field for the hash of the pass phrase used to
encrypt the private fields is a bad idea.
Sorry, my mistake, the passphrase is not the password used to enter the
system.
That is correct. Passwords can be changed on a dime,
propagating a new pass phrase through the database will
be more ponderous.
Hmmm, I'm not quite sure what you mean ... Is the hash of the passphrase
(more or less) directly the encryption key?
Yes, more or less. PKCS # 5 algo 2 uses the pass phrase, a
salt, and a hash to generate the encryption key. At least that's
my plan.
That certainly doesn't sound
like a good idea.
Well, on the other hand, maybe it is ... I wouldn't know ...
Ok, maybe that's not my plan. :)
But how else would you get the data which has been
encrypted using a lost passphrase? You don't store the passphrases, do
you, just their hashes?
I'm not trying to tell someone the pass phrase if they lose
it. I would like to give them a hint if they have a typo when
they enter it and add a bunch of records to the database that
they will never be able to decrypt again.
Do you store the passphrases 'in the clear'?
No, the only place the pass phrase is stored is in the
head of the users. The business may have a policy that all
records are to be encrypted with the same pass phrase, which
will allow all data to be shared. Some may let users have
their own pass phrase.
How about using the pass phrase to decrypt and display the
first and last names of the last 10 records the user entered?
If they see garbage in those names, it will suggest that
perhaps they mis-typed the pass phrase. This isn't perfect,
perhaps they intend to use a different pass phrase for this
particular entry.
It's a database app used by clubs and similar businesses.
The database will have members' personal information, names,
addresses and phone numbers. It may be run on laptops. I
just want to offer a reasonable level of protection if a
laptop is stolen. There are, of course, many other threats
which I'm sure people who post in this newsgroup know better
than I.
I expect people to pick one pass phrase and stick to it.
Am I misunderstanding Ferguson and Schneier? They talk of
someone storing the checksum of the password, "which defeated
the entire salting and stretching procedure." Is it secure to
keep a hash of the pass phrase with the data?
I think a cryptographic hash of the passphrase is secure in general (for
access control). But the big question seems to be "how do you generate
the decryption key?".
I'm not currently planning on saving a hash of the pass
phrase. That seems to be one method to see if I'm going to
determine if the pass phrase has been used before. But is
it safe to store these hashes? Is this giving information
that could be used in an attack?
I don't see the safety problem of storing the cryptographic-quality hashes.
They are produced by a one-way function which is supposed to be practically
impossible to invert. Easy to make the hash from the passphrase, next to
impossible to tell which passphrase (which are not stored in the database)
produces a particular hash. If the passphrases are long enough, I wouldn't
be too worried about the safety of the hashes ... unless the decryption key
is easy to find given the hash ...
Ok, I think I'll keep a hash of the hash of the pass phrase with
each encrypted record. And the first hash will probably be
PKCS # 5 algo 2.
I hope somebody more knowledgeable will be able to answer to your concerns.
You are helping a lot. I appreciate your input.
Thanks
Larry
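
An added example, not part of the original post and not LibTomCrypt code: one way to detect a mistyped pass phrase without bypassing the salting and stretching discussed in the thread, by storing a tag computed from the PBKDF2 (PKCS #5 v2) output rather than from the pass phrase itself. The function names, iteration count, salt size and label string are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; tune for the target hardware
KEY_LEN = 32           # bytes of key material for the column cipher


def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """PKCS #5 v2 (PBKDF2) with HMAC-SHA-256: pass phrase + salt -> key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def check_value(key: bytes) -> bytes:
    """One-way tag of the *stretched* key.

    Storing a fast hash of the raw pass phrase instead would let a guess be
    tested with a single hash, skipping the salt and the iterations (the
    failure the Ferguson and Schneier quote in the post describes).
    """
    return hmac.new(key, b"pass-phrase-check", hashlib.sha256).digest()


def enroll(passphrase: str) -> dict:
    """Create the values stored in the database for a new pass phrase."""
    salt = os.urandom(16)
    key = stretch(passphrase, salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "check": check_value(key)}


def unlock(passphrase: str, stored: dict):
    """Return the column key, or None if the pass phrase was mistyped."""
    key = stretch(passphrase, stored["salt"], stored["iterations"])
    if hmac.compare_digest(check_value(key), stored["check"]):
        return key
    return None


if __name__ == "__main__":
    stored = enroll("correct horse battery staple")   # constructed sample
    print("typo rejected:", unlock("correct horse batery staple", stored) is None)
    print("key bytes:", len(unlock("correct horse battery staple", stored)))
```

Testing a guess against the stored tag costs a full PBKDF2 run, the same cost as testing it against the encrypted columns, so the strength of the scheme still rests on the pass phrase and the iteration count.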