Erm. Did I miss the msg where you said you won’t be doing that?
ofc, there will be security if we do implement this, most likely an off-site master key that a generator must make
obviously, they can see the passwords, but they will be encrypted
Why?
How does it help the dev if they can see an encryted password that they can’t unencrypt.
And if they can unencrypt thats a problem.
off-site master key
I am planning AES-128 for the passwords…
I just feel wayyy more comfortable knowing my info cannot be accessed…
What @DerDer56 said still stands:
Ok I agree and think it would be smarter for them to just see usernames and block users
We will not be implement anyway for devs or anyone to veiw passwords. They may only veiw user names and block users for abuse.
tell us about how you came to choose that, because we enthusiasts aren’t satisfied if you just pick any old crypto algorithm
- because aes is a very small algorithm
- html-db was originally made for efficiency and small size, so, naturally, aes-128 is a good choice
- if you didn’t understand, go back to 1 and 2
@idodev the passwords can be accessed, but yet again, only decryptable using an off-site master key
Thanks for posting why you’ve selected AES-128.
Would you be willing to talk about the details of how HTML DB integrates the off-site master key? Because a number of issues make that tricky:
- making sure that off-site service that holds the master key has good availability so someone can use HTML DB to sign in at any time
- preventing the developer from accessing that key, or ideally for no one at all to be able to access the key
- backing up the master key or otherwise can’t easily be lost
- how the off-site service authenticates the app that needs to process a sign in attempt
HOW TO STORE PASSWORDS
Client
- Collect the user’s input.
- Check the strength of the user’s password.
- Check if the password has been included in a breach.
- If both of the above was okay, send the password to the backend server.
Server
- Receive the user’s input.
- Generate a random salt.
- Select a strong hashing algorithm. (sha512)
- Combine the user’s input with the salt. (salt + password).
- Hash the combined data.
- Combine the hash with salt. (salt + hash).
- Store the hash in the database
We alreaady have partially planned this out, it will interact with an off-site api that stores all of these keys, and whenever html-db is downloaded, it will reach out to this api, and generate a key, the key will be saved on the api, and then be given to the person who install html-db once and once only, they can generate a new key by re-installing html-db, and that about wraps it up…
almost forgot to mention, we do have a w.i.p. site where you can access all keys, but that is not yet done, nowhere near in fact
hibp v2 has been discontinued, link v3
The part where it gives the key to the person who installs html-db would be subject to the same complaints people had against letting the developer see the cleartext passwords. In the design you described, the site owner/developer/person who installs has access to the encrypted passwords and the key, which would allow them to decrypt and view the passwords.
Here’s my module I just made for hashing. I recommend using this because it is idiot simple. Meaning that any javascript beginner should be able to use it without issues.
In other words, the module is idiot proof.
is it reversable?
No, a hash is a one way function. You cannot possible ever extract the information my module produces.
welp, then we can’t use it, best to make something 2 way
I think with the test function you can still compare an input with the hash, just not extract the data from the hash
Why would you ever want to know the users password? That is a major security risk.
Let me tell you something that actually happened:
A couple of years ago, Adobe did the exact same naive thing, they encrypted their passwords. What happened is that their database got hacked, and then a bunch of hackers leaked everything. So now a bunch thousands hackers and programmers have a HUGE list of encrypted passwords and their password hints.
Story short, over 10GB worth of passwords was leaked. Think about that before you publish this.