0

I created a database structure in which a user gets a public and a private key to access information, the public key is uploaded to the database and the private key is encrypted with the users password so I let he can access it. To implement a "Forgot my Password" in this structure an email would have to be sent to the Unser, which provides the option to encrypt the private key with a new password. I thought about storing all private keys somewhere else but that would compromise the entire security, because I don't want the private key or the password stored anywhere in the database. So the problem that I'm having now is that I don't have access to the private key without the original password, so how would I be able to let the user re encrypt it with a new password.

Mercury
  • 594
  • 1
  • 12
  • 28

2 Answers2

1

You don't need the original password to add the option for the user change the password. And is very dangerous create a way to recover the original passoword of the user. If I was you, I would use some hash algorithm, like SHA-256, and store the result as the password of the user.

Well, returning for the question, one way to accomplish this password user change is create a UUID in your User table. When the user try to change his password, you redirect him to a page with this UUID in the link. This UUID works as a temporary key that permit the user change his password.

Per example.

Table: User

id | name | UUID
1  | John | f39a33c3-e7f5-455a-afad-dcf845eb04a1

When the user wants to change the password, you send a link for his e-mail:

http://yoursite.com/recover-password?UUID=f39a33c3-e7f5-455a-afad-dcf845eb04a1

So, when the user enter the new password in the page and submit the informations, you get this UUID and validate if it's really the UUID generated for the user. So, the password change can happen.

Dherik
  • 17,757
  • 11
  • 115
  • 164
  • Haha XD I know it is dangerous to creep the password stored, Ill update the question to be more specific, one sec. – Mercury Dec 26 '16 at 16:34
  • How would the uuid function – Mercury Dec 26 '16 at 16:39
  • @luis, this is an algorithm available in almost any language. In java is: `java.util.UUID` – Dherik Dec 26 '16 at 16:40
  • 1
    You can do the same but in a stateless way - Create a time limited token using a secret key and AES encryption or sign an expiry epoch token using SHA1+HMAC – Alastair McCormack Dec 26 '16 at 16:41
  • This would be an option if the user password would be store in the database in some form and could just get updated, the problem is that I would prefer the public key structure. Is there a way of doing it for my structure ? – Mercury Dec 26 '16 at 16:43
  • @Luis what do you mean? Public key for what? – Alastair McCormack Dec 26 '16 at 16:47
  • I mean asymmetric cryptography. The point to which the email is sent is prefect, and works. But because my database does not have a "Password" column but stores an encrypted version of the private key for the asymmetric cryptography, I can't just change that when the user enters the new password, I need to somehow reencrypt the public key with that new password, and that's what I'm stuck on. How can I built in a way of getting the private key only for password recovery, and without compromising security ? – Mercury Dec 26 '16 at 16:52
  • Hi @AlastairMcCormack! The UUID is a query param of the page. The page can get this UUID in the URL and resend it together with the new password, validating the UUID in back-end to confirm if the UUID belongs to the user. Is this stateful? – Dherik Dec 26 '16 at 16:52
  • @Dherik your solution requires you to store the temporary unique token in the database. That is stateful :) – Alastair McCormack Dec 26 '16 at 16:55
  • @AlastairMcCormack, ow, I get it. – Dherik Dec 26 '16 at 16:56
  • 1
    @Luis I flagged your question for closure as it was too vague. You can ask a better question by including all the details that you've mentioned here (db schema, asymmetric encryption) so that your question is more specific. As it is, poor Dherik has spent a lot of time answering a question that it not applicable for you. – Alastair McCormack Dec 26 '16 at 16:58
  • @Luis thank you for accepted my answer. – Dherik Feb 02 '18 at 14:37
0

The simplest way to achieve this is to decrypt the private key with current password and re-encrypt it with new password and then update the new password in the database.

  • Don't do that. Passwords should never be encrypted. Use a secure hash instead as suggested by Dherik. You don't want to be on the list of potential suspects if the user's account was compromised without obvious signs of attack. You also don't want a single breach (or rogue admin) to have access to all accounts. – SQLmojoe Dec 28 '16 at 20:58