• 0

[Concept] would this encryption method work

Asked by gohpep,

 Share

Question

Mentor

gohpep

Posted
Posted

I was thinking of a secure encryption key generation method for privately storing files on public servers, for example, OneDrive.

 

When the user creates their account, the password is used in a key generation method unique to each user, to create an encryption key. Their stored password on the server (and all of their files) are encrypted using this key. To login, the user enters their password, and the system checks if it is the right one by generating a key using the same key generation method using the entered password. It then decrypts the encrypted password file, and sees if the entered password matches the stored password. If their password is correct, it will generate the correct key which will decrypt the password file with the correct password, and if the password is incorrect, it will generate a wrong key which will decrypt the password file to gibberish.

 

Not wondering how to code this, but if it would conceptually work.

3 answers to this question

Recommended Posts

  • 0
Grand Master

+theblazingangel MVC

Posted
  • MVC
Posted

Is there just the one password and server or two?

 

I'm sorry but either A) there are two passwords and servers and you've completely failed to describe a relatively simple concept clearly, (a concept which may have a little merit to it, but is nothing we haven't already had before) or B) there's only one and this is a very poorly thought through idea. Either way you inspire in me absolutely no confidence that you currently have what it takes to properly design and build a secure encryption solution. Sorry :/

  • 0
Grand Master

+Majesticmerc MVC

Posted
  • MVC
Posted

Why not just run the files you want to encrypt through a standard encryption algorithm using the supplied password?

Doing this:

[Password] -> [Hash algorithm] -> [Key] -> [Decrypt Key File] -> [Key] -> [Decrypt file]
offers no advantages, and a larger area of attack, and potentially weaker encryption than just:

[Password] -> [Decrypt file]
  • 0
Collaborator

Richard Grant

Posted
Posted

No it wouldnt work, if your encryption is cracked then your algorithm for password hashing could be cracked and influence brute forcing.

Not only that but if your encryption is cracked then they would be able to get the users password.

 

IF your going to make a unique key save it as a seperate field in your database.

 

 

For strong security i would do exactly what

Majesticmerc

has recommended.

 

At your level(no offence) I would stronly advice against you writing your own encryption if the data is sensitve.

This topic is now closed to further replies.
 Share
Go to question listing

  • Posts

    • The list of Mac devices rumored to get macOS 26

      By Circaflex · Posted

      At some point, hardware becomes obsolete and we cant blame vendors for dropping support. Much of the models dropped, run Intel hardware which means they can install something else on the device if they truly want to keep using it.
    • Microsoft shares "immediate remediation" script if you deleted this Windows system folder

      By ecmarm · Posted

      Well, that was fun: PS C:\WINDOWS\system32> Install-Script -Name Set-InetpubFolderAcl WARNING: Unable to download from URI 'https://go.microsoft.com/fwlin...627338&clcid=0x409' to ''. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7468 char:21 + ... $null = PackageManagement\Install-PackageProvider -Name $script:N ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name 'NuGet'. Try 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7474 char:21 + ... $null = PackageManagement\Import-PackageProvider -Name $script:Nu ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProvider WARNING: Unable to download from URI 'https://go.microsoft.com/fwlin...627338&clcid=0x409' to ''. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7478 char:30 + ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exceptio n + FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider Install-Script : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' or newer version of NuGet provider is installed. At line:1 char:1 + Install-Script -Name Set-InetpubFolderAcl + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ( [Install-Script], InvalidOperationException + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Script
    • The list of Mac devices rumored to get macOS 26

      By Skyfrog · Posted

      Because Apple has never discontinued Mac models before now?
    • Here's why it makes sense to name it iOS 26 and why it doesn't

      By Skyfrog · Posted

      I recall reading that they intend to synchronize the version numbers between iOS, tvOS and macOS, so we will also be getting macOS 26 up next.
    • The list of Mac devices rumored to get macOS 26

      By neufuse · Posted

      every time.... why can't I install windows 11 on my 8088?

  • Recent Achievements

    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post
    • First Post
      Bkl211 earned a badge
      First Post
    • One Year In
      Mido gaber earned a badge
      One Year In
    • One Year In
      Vladimir Migunov earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      490
    2. 2
      +FloatingFatMan
      258
    3. 3
      snowy owl
      249
    4. 4
      ATLien_0
      223
    5. 5
      +Edouard
      190
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!