• 0

[Concept] would this encryption method work


Question

I was thinking of a secure encryption key generation method for privately storing files on public servers, for example, OneDrive.

 

When the user creates their account, the password is used in a key generation method unique to each user, to create an encryption key. Their stored password on the server (and all of their files) are encrypted using this key. To login, the user enters their password, and the system checks if it is the right one by generating a key using the same key generation method using the entered password. It then decrypts the encrypted password file, and sees if the entered password matches the stored password. If their password is correct, it will generate the correct key which will decrypt the password file with the correct password, and if the password is incorrect, it will generate a wrong key which will decrypt the password file to gibberish.

 

Not wondering how to code this, but if it would conceptually work.

3 answers to this question

Recommended Posts

  • 0

Is there just the one password and server or two?

 

I'm sorry but either A) there are two passwords and servers and you've completely failed to describe a relatively simple concept clearly, (a concept which may have a little merit to it, but is nothing we haven't already had before) or B) there's only one and this is a very poorly thought through idea. Either way you inspire in me absolutely no confidence that you currently have what it takes to properly design and build a secure encryption solution. Sorry :/

  • 0

Why not just run the files you want to encrypt through a standard encryption algorithm using the supplied password?

Doing this:

[Password] -> [Hash algorithm] -> [Key] -> [Decrypt Key File] -> [Key] -> [Decrypt file]
offers no advantages, and a larger area of attack, and potentially weaker encryption than just:

[Password] -> [Decrypt file]
  • 0

No it wouldnt work, if your encryption is cracked then your algorithm for password hashing could be cracked and influence brute forcing.

Not only that but if your encryption is cracked then they would be able to get the users password.

 

IF your going to make a unique key save it as a seperate field in your database.

 

 

For strong security i would do exactly what

Majesticmerc

has recommended.

 

At your level(no offence) I would stronly advice against you writing your own encryption if the data is sensitve.

This topic is now closed to further replies.
  • Posts

    • Consumer Reports is flat out wrong. Wouldn't be the first time it's a fact that when you have more moving parts, you have more room for failure. Less points of failure when all you replace on an EV is the tires and the wipers.
    • WYSIWYG Web Builder 20.2.2 by Razvan Serea Web Buialder is a WYSIWYG (What-You-See-Is-What-You-Get) program used to create complete web sites. WYSIWYG means that the finished page will display exactly the way it was designed. The program generates HTML (HyperText Markup Language) tags while you point and click on desired functions; you can create a web page without learning HTML. Just drag and drop objects to the page position them "anywhere" you want and when youre finished publish it to your web server (using the build in Publish tool). Web Builder gives you full control over the content and layout of your web pages. One Web Builder project file can hold multiple web pages. Desktop publishing for the web, build web sites as easy as Drag & Drop "One Click Publishing" No FTP program needed. No special hosting required, use with any Hosting Service! Easily create forms using the built-in Form Wizard plus Form validation tools and built-in CAPTCHA. Advanced graphics tools like shapes, textart, rotation, shadows and many other image effects. Fully integrated jQuery UI (Accordion, Tabs etc), animations, effects and built-in ThemeRoller theme editor. Google compatible sitemap generator / PayPal eCommerce Tools Many navigation tools available: Navigation bars, tab menus, dropdown menus, sitetree, slidemenus. Built-in Slide Shows, Photo Galleries, Rollover images, Banners etc. Support for YouTube, Flash Video, Windows Media Player and many other video formats. Unique extension (add-on) system with already more than 250 extensions available! Create HTML5 / CSS3 websites today HTML5 document type (optimized HTML5 output). HTML5 audio/video and YouTube HTML5 support. HTML5 forms: native form validation, new input types and options, web storage. HTML5 canvas and svg support in shapes and other drawing tools. CSS3 @font-face. Use non web safe fonts in all modern browsers. CSS3 opacity, border radius, box shadow. CSS3 gradients. Add cool gradient effects using native CSS3 (no images). CSS3 navigation menu. Create awesome menus without using JavaScript or images. CSS3 animations and transitions. Including support for 2D and 3D transforms! Features for advanced users: Login Tools/Page Password Protection. Built-in Content Management System with many plug-ins (guestbook, faq, downloads, photo album etc). Add custom HTML code with the HTML tools. JavaScript Events: Show/hide objects (with animation), timers, move objects, change styles etc. Layers: Sticky layer, Docking layer, Floating layer, Modal layer, Anchored layer, Strechable layer and more! jQuery Theme Manager, create your own themes for the built-in jQuery UI widgets. Style Manager (global styling, H1, H2, H3 etc). Master Frames and Master Objects: reuse common element in your website. and much more! WYSIWYG Web Builder 20.2.2 changelog: Improved: Minor change in HTML formatting of the Overlay Menu. Fixed: Issue with aspect ratio of HTML Video. Download: WYSIWYG Web Builder 64-bit | 30.1 MB (Shareware) Download: WYSIWYG Web Builder 32-bit | 28.0 MB Screenshot: >> Click here << Link: Home Page | Templates | Free extras/addons | Changelog Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • You are like that narcissistic moron and his name is Paul Thurrott.
  • Recent Achievements

    • Collaborator
      Mighty Pen went up a rank
      Collaborator
    • Week One Done
      emptyother earned a badge
      Week One Done
    • Week One Done
      DarkWun earned a badge
      Week One Done
    • Very Popular
      valkyr09 earned a badge
      Very Popular
    • Week One Done
      suprememobiles earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      568
    2. 2
      +FloatingFatMan
      188
    3. 3
      ATLien_0
      177
    4. 4
      Skyfrog
      111
    5. 5
      Xenon
      110
  • Tell a friend

    Love Neowin? Tell a friend!