11

I'm developing a password manager web app. It's just for fun: I'm not exposing anybody's passwords.

My idea was to use hashing+salting, and that's what I did for the master password. But then I realised that I have to retrieve accounts' passwords in order to use them (and I felt a bit stupid), so that hashing is not an option.

Obviously symmetric encryption is useless in this case because we have the same problem with the decryption key. And asymmetric encryption could be an option but not very practical (the user has the private key and he has to use every time he wants to get a password: not practical).

I don't know how can I use these cryptographic tools (or others) to solve this problem.

Summary: I have to store passwords in a database but I have to be able to retrieve them in plain text.

RoraΖ
  • 12,347
  • 4
  • 51
  • 83
Julen
  • 311
  • 3
  • 6
  • I would stick with the hashing+salting, and implement a reset mechanism to create a new password in the event that a password is forgotten. – RoraΖ Jul 29 '15 at 18:29
  • 2
    @raz They want to create a password manager web app, not a login system. – S.L. Barth Jul 29 '15 at 18:32
  • @raz This is for a password manager, so that's not an option. – Xander Jul 29 '15 at 18:32
  • 3
    Password managers use symmetric encryption keys, and a strong KDF to derive the master key encryption key. – Xander Jul 29 '15 at 18:36
  • @Xander At the end of the day it is a web application which requires authentication, independently of what it does (managing password or selling ice creams). –  Jul 29 '15 at 18:40
  • 2
    @KagueiNakueka Yes, but that's irrelevant to the question at hand. – Xander Jul 29 '15 at 18:41
  • Yes you are right. It is all about using the saved password rather then retrieving a lost password. –  Jul 29 '15 at 18:43
  • Look into host proof hosting: https://www.passpack.com/blog/2008/03/host-proof-hosting/ – Petah Jul 30 '15 at 00:05

2 Answers2

10

The normal mechanism for a password manager is to have some sort of "master key" and encrypt the data (symmetrically) with that key. The master key, in your case, being derived from the master password through proper password hashing (so it becomes, in this case, password-based key derivation). So use bcrypt or PBKDF2 to turn the user's master password into a key K, and keep all the data for that user encrypted with K.

Making that as a Web application is of questionable wisdom. Even if you do it all client-side in JavaScript, that JavaScript is still code sent by the server, and code that sees all passwords for all users, so the server becomes a very sensitive and juicy target (if the server goes under hostile control, that would turn into an orgy of password theft).

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • He could implement a secondary method of authentication based on personal question challenges or e-mail. But I totally agree that a web application for this purpose is questionable. –  Jul 29 '15 at 19:07
  • From a web app perspective, I believe LastPass claims to not ever store your master password (to avoid the issue you mention). Also they allude to some interesting details of how the app is implemented. https://lastpass.com/how-it-works – KDEx Jul 29 '15 at 23:28
  • @Morgoroth That doesn't address the issue mentioned. The issue mentioned is that the JavaScript could be hijacked/corrupted by hacking the server. It doesn't matter if you store the password when an attacker can capture it as the user types it in. The practice of not storing passwords/keys makes it immensely more difficult to recover data by stealing it from the servers and impossible for an entity (such as a government) to force the company to divulge it. – jpmc26 Jul 30 '15 at 01:39
0

You can see how banks probably do it, but the security really depends on the weakest link and personally I'd pay much more attention to web security (XSS, CSRF etc).

It will be much better if the front-end is responsible for decrypting so both the master key and the clear-text passwords never exist in server memory or the network. This however limits the amount of trick you can put in the backend database.

billc.cn
  • 3,892
  • 1
  • 17
  • 24