8

I'm trying to figure out a way to store user-generated text securely in a database (so that only the user is the one who can access his/her stored text). I could have Rails encrypt and decrypt the user's text entries using the user's password as the key, but if the user ever forgot their password there would be no way to ever decrypt their previous content/text (since the Rails app uses BCrypt to store only a hash of the password).

Does anyone know how that could be done? It looks like Dropbox does something like it: "All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." (http://www.dropbox.com/help/27) Yet they allow you to reset your password and I'm assuming they don't store your plain text password anywhere.

What am I missing? Any suggestions would be greatly appreciated. Thanks!

James C.
  • 83
  • 2
  • 3
    I don't believe that Dropbox (and others) have data that are "inaccessible without your account password". What they're saying is that they can decrypt it, but they won't do so for you without first authenticating you. Presumably they keep the keys and encrypted data plenty separated, so that if someone loses a hard drive, the data will be safe. – Bill Dueber Dec 10 '10 at 01:52

2 Answers2

0

Logic dictates that are only two options:

  1. You encrypt using a key known to the server (user's key hash or some other identifier). Intruders can potentially read all the encrypted data, but the user can never lose the encryption token because it is on your server.
  2. You encrypt the data using a key known to the user only (e.g. his password). Then intruders will not be able to read encrypted data, but if the user loses his key, the data is as good as a pile of random bits.

It's clear that Dropbox has chosen (1) from the fact that they allow to reset your password.

Gintautas Miliauskas
  • 7,744
  • 4
  • 32
  • 34
  • Thanks. That makes sense. So how then do you follow option 1 without giving an intruder on the server access to the encrypted content and the key to decrypt it (since I'm assuming the key must be stored on the server)? That is, the web app needs access to the database and the encryption key so if you gain access to the web server, you gain access to the data, right? If that's the case, what security would that method of encryption/decryption provide? Sorry, I must be missing something obvious here. – James C. Dec 10 '10 at 03:36
  • The security gain is that it's not enough to have access to user's data, you also have to access the password to that data, which may be more secure (e.g., stored on an isolated web service on a separate security-hardened machine). – Gintautas Miliauskas Dec 19 '10 at 21:30
-1

Build on Gintautas' Option 1 with a two-prong encryption plan:

  1. Apply option 1, with a key that is known to the server, and
  2. Store the database on disk in an encrypted format with a key that is known only to the server. E.g., in an encrypted volume. When the server starts up, the key must be manually entered in order to access the database.

This "static security" provided by part 2 protects against an intruder in the system gaining access to the database files. Maybe not 100% the exact security you're after, but getting closer.

Dogweather
  • 15,512
  • 17
  • 62
  • 81
  • Usually hacked systems are live, so if an encrypted volume has been mounted on startup, the attacker would be able to read it all. I do not see any benefits to your suggestion. – Gintautas Miliauskas Dec 19 '10 at 21:32