• 0

[Concept] would this encryption method work

Asked by gohpep,

 Share

Question

Mentor

gohpep

Posted
Posted

I was thinking of a secure encryption key generation method for privately storing files on public servers, for example, OneDrive.

 

When the user creates their account, the password is used in a key generation method unique to each user, to create an encryption key. Their stored password on the server (and all of their files) are encrypted using this key. To login, the user enters their password, and the system checks if it is the right one by generating a key using the same key generation method using the entered password. It then decrypts the encrypted password file, and sees if the entered password matches the stored password. If their password is correct, it will generate the correct key which will decrypt the password file with the correct password, and if the password is incorrect, it will generate a wrong key which will decrypt the password file to gibberish.

 

Not wondering how to code this, but if it would conceptually work.

3 answers to this question

Recommended Posts

  • 0
Grand Master

+theblazingangel MVC

Posted
  • MVC
Posted

Is there just the one password and server or two?

 

I'm sorry but either A) there are two passwords and servers and you've completely failed to describe a relatively simple concept clearly, (a concept which may have a little merit to it, but is nothing we haven't already had before) or B) there's only one and this is a very poorly thought through idea. Either way you inspire in me absolutely no confidence that you currently have what it takes to properly design and build a secure encryption solution. Sorry :/

  • 0
Grand Master

+Majesticmerc MVC

Posted
  • MVC
Posted

Why not just run the files you want to encrypt through a standard encryption algorithm using the supplied password?

Doing this:

[Password] -> [Hash algorithm] -> [Key] -> [Decrypt Key File] -> [Key] -> [Decrypt file]
offers no advantages, and a larger area of attack, and potentially weaker encryption than just:

[Password] -> [Decrypt file]
  • 0
Collaborator

Richard Grant

Posted
Posted

No it wouldnt work, if your encryption is cracked then your algorithm for password hashing could be cracked and influence brute forcing.

Not only that but if your encryption is cracked then they would be able to get the users password.

 

IF your going to make a unique key save it as a seperate field in your database.

 

 

For strong security i would do exactly what

Majesticmerc

has recommended.

 

At your level(no offence) I would stronly advice against you writing your own encryption if the data is sensitve.

This topic is now closed to further replies.
 Share
Go to question listing