
I use the password not only for sign-in but also for encryption, and the sign-in password is stored as an MD5 hash. If I lose / forget the password, how can I decrypt my data?

For example: a user signs in with password = 1234. If signed in => decrypt the data by using that password.

I don't want to save the password in the user data, for user privacy reasons. I want to make users believe their data can only be read by themselves.

If the user changes their password, how can I decrypt the encrypted data? Because the password is the key for encryption and decryption.

Thanks.

user2710326
    By definition, you cannot decrypt properly encrypted data if you've lost the password. The only way for that to work is that *you* store the actual password on the server. But then the TNO (trust no one) security is moot. Either the user has control of his data and thereby also all responsibility, or *you* do. – deceze Aug 23 '13 at 09:02
  • You can't. If you use something as a key to properly encrypt / decrypt data and lose that key then that data is worthless and you need to re-capture the data and re-encrypt it with the new password. Also please do not use md5 to store password hashes. See the note about password hashing using md5 on the [md5() manpage](http://php.net/manual/en/function.md5.php) – Anigel Aug 23 '13 at 09:04
  • If someone only changes the password, you can ask for the old password before changing, then decrypt with the old password and encrypt with the new one again. – Christoph Diegelmann Aug 23 '13 at 09:13
  • Thanks for your replies. Especially your words "Either the user has control of his data and thereby also all responsibility, or you do". :) Is there any approach where the user can recover without storing it in the database? The rule is "user can only insert crypt key". Thanks in advance. – user2710326 Aug 23 '13 at 09:25

2 Answers

If you are using the password as a decryption key, and you lose the password, then there is no way to recover the data. If you use that approach, then you need to be very careful to not lose the password.

In this particular case, you could try to brute force the MD5ed copy of the password. MD5 is very weak, and unsuitable for storing hashed passwords.

Quentin
  • Hello Quentin, thanks for your quick reply. Is there another approach you would suggest? The rule is "user can only insert crypt key". The crypt key will not be stored in the database. – user2710326 Aug 23 '13 at 09:16
  • What about security questions or user email? Any approach? – user2710326 Aug 23 '13 at 09:21
  • What use would security questions be? Those can be used to help determine if you should give a new key to the user … but you have no way to create a new key. – Quentin Aug 23 '13 at 09:27

In your current scheme it is obviously not possible to do this. You may be able to work around it though. What you would need is to add additional layers to your approach.

First of all, encrypt the user data with a randomly generated key. This key would be the data encryption key. Now you are able to encrypt this key with any other key or keys. One of these keys would be generated from the user's password (sent over SSL, using PBKDF2 at the server to derive the key from the password).

Now you can think of alternative schemes to decrypt the data encryption key. One would be to use a key derived from a standard password recovery phrase (name of pet + age of mother). Another would be to encrypt the key with a public key and securely store the private key in a vault. The safety of the encrypted data key is of course equal to the least safe key encryption key.

Encrypting data is a pretty big step to take. A user can never be sure that you don't do anything with the data, as you are the one providing the (web-)application. Thinking that the user should not be able to trust you is therefore a contradiction in itself. It is probably more worth the cost to think about safety of the data against attack (database security), theft protection etc.

Maarten Bodewes
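The layered scheme this answer describes (a random data encryption key wrapped under a PBKDF2-derived key from the password, plus a second wrap under a recovery phrase), as an added example that is not the answer's own code. It assumes a standard-library-only wrap (one-time pad plus HMAC tag) standing in for an AEAD, an iteration count you would tune, and a constructed recovery phrase.

```python
import os, hmac, hashlib

# Constructed example, not the answer's own code. One random data encryption key
# (DEK) protects the user's data; the DEK is stored only wrapped under key
# encryption keys (KEKs) derived with PBKDF2 from the password and from a
# recovery phrase. The wrap is encrypt-then-MAC over a one-time pad so it
# runs on the standard library alone; wrap with an AEAD (e.g. AES-GCM) in
# production.

ITERATIONS = 200_000  # assumption: tune to your hardware

def _kek(secret: str, salt: bytes) -> tuple:
    """Derive a 32-byte pad key and a 32-byte MAC key from a password or phrase."""
    material = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def wrap_dek(dek: bytes, secret: str) -> dict:
    """Wrap the DEK under a KEK derived from `secret` with a fresh per-wrap salt."""
    assert len(dek) == 32
    salt = os.urandom(16)
    pad, mac_key = _kek(secret, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, pad))  # pad is never reused: new salt per wrap
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_dek(slot: dict, secret: str) -> bytes:
    """Return the DEK, or raise ValueError on a wrong secret or a tampered slot."""
    pad, mac_key = _kek(secret, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        raise ValueError("wrong secret or corrupted key slot")
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))

def enroll(password: str, recovery_phrase: str) -> dict:
    """New user: one random DEK, stored only under two independent wraps."""
    dek = os.urandom(32)
    return {"password": wrap_dek(dek, password), "recovery": wrap_dek(dek, recovery_phrase)}

def change_password(record: dict, old_password: str, new_password: str) -> dict:
    """Re-wrap the DEK under the new password; data and recovery slot are untouched."""
    dek = unwrap_dek(record["password"], old_password)
    return {**record, "password": wrap_dek(dek, new_password)}

def recover_with_phrase(record: dict, recovery_phrase: str, new_password: str) -> dict:
    """Forgotten password: unwrap via the recovery slot, then install a new password wrap."""
    dek = unwrap_dek(record["recovery"], recovery_phrase)
    return {**record, "password": wrap_dek(dek, new_password)}
```

A password change only re-wraps the DEK, so the data itself is never re-encrypted; the recovery slot is a second door to the same DEK, so the phrase must be as hard to guess as the password, or the slot should be left out.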