• 0

[Concept] would this encryption method work


Question

I was thinking of a secure encryption key generation method for privately storing files on public servers, for example, OneDrive.

 

When the user creates their account, the password is used in a key generation method unique to each user, to create an encryption key. Their stored password on the server (and all of their files) are encrypted using this key. To login, the user enters their password, and the system checks if it is the right one by generating a key using the same key generation method using the entered password. It then decrypts the encrypted password file, and sees if the entered password matches the stored password. If their password is correct, it will generate the correct key which will decrypt the password file with the correct password, and if the password is incorrect, it will generate a wrong key which will decrypt the password file to gibberish.

 

Not wondering how to code this, but if it would conceptually work.

3 answers to this question

Recommended Posts

  • 0

Is there just the one password and server or two?

 

I'm sorry but either A) there are two passwords and servers and you've completely failed to describe a relatively simple concept clearly, (a concept which may have a little merit to it, but is nothing we haven't already had before) or B) there's only one and this is a very poorly thought through idea. Either way you inspire in me absolutely no confidence that you currently have what it takes to properly design and build a secure encryption solution. Sorry :/

  • 0

Why not just run the files you want to encrypt through a standard encryption algorithm using the supplied password?

Doing this:

[Password] -> [Hash algorithm] -> [Key] -> [Decrypt Key File] -> [Key] -> [Decrypt file]
offers no advantages, and a larger area of attack, and potentially weaker encryption than just:

[Password] -> [Decrypt file]
  • 0

No it wouldnt work, if your encryption is cracked then your algorithm for password hashing could be cracked and influence brute forcing.

Not only that but if your encryption is cracked then they would be able to get the users password.

 

IF your going to make a unique key save it as a seperate field in your database.

 

 

For strong security i would do exactly what

Majesticmerc

has recommended.

 

At your level(no offence) I would stronly advice against you writing your own encryption if the data is sensitve.

This topic is now closed to further replies.
  • Posts

    • Been happy with Windows 11 myself even since first release in 2021, sure it hasn't always been perfect, but nothing is per say.. Issues i did have was minor ones, which is normal with any OS really. I still use Windows 10 at times on my unsupported Gaming Laptop, and i find myself using the Windows 11 Desktop more. Eventually replacing Gaming Laptop with a Windows 11 Compatible one somehow, someway this year or possibly next year at the latest, but its gonna happen--(May save all my Bing reward points except the 1000 to have extended support for 10) then work on getting quality Replacement hard)
    • Geez, this is dumb. I use my laptop sometimes in the dark when doing astrophotography to control my astro-PC... this explains why I have to keep entering my PIN when logging back in. So stupid. I can't see the keyboard in the dark, and I can't have lights everywhere to light it up because everything is very light sensitive (including my eyes!).
    • Naturally. I don't care about brand loyalty at all as it's all about price/performance/reliability etc (even what RejZoR said below is a great point to). basically bang-for-the-buck. because at the end of the day... one wants the cheapest possible price to maintain a certain minimum level of performance (or thereabouts). because generally after a certain point with CPU and GPU's the price starts to sky rocket without that much difference in performance where it really matters. p.s. historically I have bought more Intel CPU's and NVIDIA GPU's but I have had some AMD CPU's and one AMD GPU.
    • Both of these companies as well as Qualcomm and Apple need competition. Otherwise, they just coast. I don't prefer macOS, though I like some of Apple's hardware, but if anyone needs competition, it is Apple. Their prices are already outrageous and they need to have a reason to produce good hardware and at least keep prices remotely reasonable. (It is criminal what they charge for RAM upgrades especially.) Qualcomm needs to push AMD and Intel not to be so sloppy with the performance/efficiency aspect. Granted, AMD has been doing quite well in this respect considering they are not an ARM architecture. I personally want to have more options that truly compete with Macbook Air and Macbook Pro's on the Windows side. It is difficult to achieve what Apple does since they control the entire stack and that is fundamentally different for Windows PCs other than maybe Microsoft Surface PCs.
  • Recent Achievements

    • Week One Done
      Hartej earned a badge
      Week One Done
    • One Year In
      TsunadeMama earned a badge
      One Year In
    • Week One Done
      shaheen earned a badge
      Week One Done
    • Dedicated
      Cole Multipass earned a badge
      Dedicated
    • Week One Done
      Alexander 001 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      569
    2. 2
      +FloatingFatMan
      182
    3. 3
      ATLien_0
      179
    4. 4
      Skyfrog
      111
    5. 5
      Som
      106
  • Tell a friend

    Love Neowin? Tell a friend!