• 0

[Concept] would this encryption method work


Question

I was thinking of a secure encryption key generation method for privately storing files on public servers, for example, OneDrive.

 

When the user creates their account, the password is used in a key generation method unique to each user, to create an encryption key. Their stored password on the server (and all of their files) are encrypted using this key. To login, the user enters their password, and the system checks if it is the right one by generating a key using the same key generation method using the entered password. It then decrypts the encrypted password file, and sees if the entered password matches the stored password. If their password is correct, it will generate the correct key which will decrypt the password file with the correct password, and if the password is incorrect, it will generate a wrong key which will decrypt the password file to gibberish.

 

Not wondering how to code this, but if it would conceptually work.

3 answers to this question

Recommended Posts

  • 0

Is there just the one password and server or two?

 

I'm sorry but either A) there are two passwords and servers and you've completely failed to describe a relatively simple concept clearly, (a concept which may have a little merit to it, but is nothing we haven't already had before) or B) there's only one and this is a very poorly thought through idea. Either way you inspire in me absolutely no confidence that you currently have what it takes to properly design and build a secure encryption solution. Sorry :/

  • 0

Why not just run the files you want to encrypt through a standard encryption algorithm using the supplied password?

Doing this:

[Password] -> [Hash algorithm] -> [Key] -> [Decrypt Key File] -> [Key] -> [Decrypt file]
offers no advantages, and a larger area of attack, and potentially weaker encryption than just:

[Password] -> [Decrypt file]
  • 0

No it wouldnt work, if your encryption is cracked then your algorithm for password hashing could be cracked and influence brute forcing.

Not only that but if your encryption is cracked then they would be able to get the users password.

 

IF your going to make a unique key save it as a seperate field in your database.

 

 

For strong security i would do exactly what

Majesticmerc

has recommended.

 

At your level(no offence) I would stronly advice against you writing your own encryption if the data is sensitve.

This topic is now closed to further replies.
  • Posts

    • This application is a scam. You can accomplish what this application does for free, if it actually even works which I doubt, with free applications. Do not support scams like this.
    • Frankly, I have found my experience to be the complete opposite from yours. For example, I have a nice, high-end ASUS Xonar Essence STX sound card installed - I've had it for 15+ years. Not one single Windows installation from Windows 7 through to 11 has ever detected it. Ever. However, every single Linux distribution has had drivers for it automatically in its kernel. I have never had to install them myself. And the Windows driver issues that plague this card (look up ASUS Xonar screeching) have never existed in Linux. As far as graphics and games and whatnot - I have an AMD Radeon card, so everything runs smooth as butter. Folks who complain and whine about Linux not working because they are using Nvidia cards shouldn't really blame Linux, but Nvidia. But frankly, Nvidia drivers for Linux work much better now. Maybe it's been a few years since you tried out a Linux distribution? I find that Windows, which treated me like a 4-year old with ADHD with all its constant nagging and suggestions everywhere in the apps I would run, was just not for me anymore. I know, Windows is very mature. But to say Linux is in its infancy is simply not true.
    • 5000X3D never supported overclocking https://www.neowin.net/news/of...o-the-ryzen-7-5800x3d-soon/ also the X in Ryzen chips was originally meant to indicate chips that had a higher XFR (eXtended Frequency Range) compared to non-X chips. (now XFR is generally referred to as PBO)
    • I think this advice is aimed at home users not professionals who can expense another PC. Still, there are web versions.
    • AMD 9800X3D, the best gaming CPU, on sale for just $472 with a free 1TB NVMe SSD by Sayan Sen AMD's Ryzen 7 9800X3D processor is currently the best gaming CPU in the world, and it is currently up for sale for a great price (purchase link under the specs list below). AMD's main rival in the processor market, Intel, is also having discounts at the moment on the Core i5-14600K and 12600K for less than $200 so have a look at those if you don't have the budget for a 9800X3D. Built on the Zen 5 microarchitecture, AMD's 9000X3D desktop processors including the 9800X3D feature 2nd Gen 3D V-cache. The performance of the processor is top-notch. Neowin reviewed the 9950X3D which is also based on the same architecture and found that the 9000X3D part was consistently ahead of the previous gen 7950X3D in almost everything except efficiency, and we already know how good the 7000 series (Zen 4) was, as it was already beating Intel. The technical specifications of the Ryzen 9800X3D are given below: Architecture: Zen 5 with 2nd Gen AMD 3D V-Cache™ technology Process Technology: TSMC 4nm FinFET manufacturing process Core Count: 8 cores Thread Count: 16 threads Base Clock Frequency: 4.7 GHz Max Boost Clock Frequency: 5.2 GHz Total Cache: 8 MB + 96 MB (L2 + L3) Thermal Design Power (TDP): 120W PCI Express Version: PCIe 5.0 28 lanes (usable: 24) Overclocking: Unlocked for overclocking TjMax: 95 C Platform Socket: AM5 Memory capacity support: max 192 GB DDR5 Memory Speed: 2x1R DDR5-5600, 2x2R DDR5-5600, 4x1R DDR5-3600, 4x2R DDR5-3600 Get the AMD Ryzen 9800X3D below: AMD RYZEN 7 9800X3D 8-Core, 16-Thread Desktop Processor: $441.94 (Shipped and Sold by Amazon US) || $472.02 (Shipped and Sold Newegg US + free 1TB Kingston NV3 NVMe SSD) This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
  • Recent Achievements

    • Explorer
      Case_f went up a rank
      Explorer
    • Conversation Starter
      Jamie Smith earned a badge
      Conversation Starter
    • First Post
      NeoToad777 earned a badge
      First Post
    • Week One Done
      JoeV earned a badge
      Week One Done
    • One Month Later
      VAT Services in UAE earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      537
    2. 2
      ATLien_0
      230
    3. 3
      +Edouard
      154
    4. 4
      +FloatingFatMan
      149
    5. 5
      Michael Scrip
      109
  • Tell a friend

    Love Neowin? Tell a friend!