3

I'm developing a wordpress plugin. In that plugin the user need to type some important login details, which I will use in a cron-job.

I will of cause like to encrypt the password, and found this useful stuff: Best way to use PHP to encrypt and decrypt passwords?

However, how should I save the key? I can't save it in a file, since all files will be replaced when the user update the plugin. And save it in the database, well - that's not exactly smart i guess.

Any suggestions?

Community
  • 1
  • 1
Kenneth Poulsen
  • 929
  • 10
  • 25
  • 2
    Why do you think that saving in the database isn't smart? – Ozair Kafray May 31 '12 at 05:06
  • 1
    I guess the reason you want to encrypt the password in the first place is to prevent abuse if someone get access to your database. So by saving the key in the database will kinda make it worthless, since someone can grab the key and decrypt. Or am I wrong? – Kenneth Poulsen May 31 '12 at 05:11
  • Why don't you hash the password? Is there any particular reason? – nhahtdh May 31 '12 at 05:19
  • I want too (see link in my first post), but i still need a key to hash it (and un-hash), right? Where should I save that key? – Kenneth Poulsen May 31 '12 at 05:42
  • @nhahtdh If he needs to use the password to get access to some other system, hashing it is probably not a good idea (as hashing usually only works one way). – Fredrik May 31 '12 at 05:43
  • @KennethPoulsen: You have to store the hash of the password it in the database. Since MD5 hashing (http://php.net/manual/en/function.md5.php) is one way, you don't need to worry about the password being figured out easily by attacker. – nhahtdh May 31 '12 at 05:47
  • Exactly, I need the login details unencrypted for a cron-job, so I cannot depend on user interaction like a normal login system etc. – Kenneth Poulsen May 31 '12 at 05:47
  • @ nhahtdh: How do I pull that hashed password from the database for use in my cronjob then? I need it un-encrypted. Isnt md5 hashing one-way? – Kenneth Poulsen May 31 '12 at 05:49
  • md5 is a hashing algorithm not an encryption. All hashes are one-way. – Shiplu Mokaddim May 31 '12 at 05:50
  • @shiplu.mokadd.im: Yep, so hashing can't be used in this case, since I need the login details for the cronjob. What I need is the solution posted in the link within my first post, but what's the best way to save the key securely? – Kenneth Poulsen May 31 '12 at 05:54
  • If you need to use the key you need to save it full. Not the hashed one. – Shiplu Mokaddim May 31 '12 at 05:55

2 Answers2

2

If you encrypt, you would still have to then store the encryption key on the same machine - only code obfuscation could slow down the attack from happening then.

In the best case scenario, only your database is vulnerable, in which case storing the encrypted password in the database and the key in the filesystem is not a terrible solution.

Worst case scenario, the system was throughly compromised. In this case, no amount of encryption is going to save you if you have to store the key in plain sight. Obfuscation might complicate matters, giving the owner enough time to secure the account.

Nick Caballero
  • 944
  • 1
  • 8
  • 19
  • That's what I have been thinking about. Saving the encrypted details into the database and the key in a seperate file. But the problem is; When a user update the plugin, then all files will be replaced by new fresh ones, also his key. Blaaa.... so frustrating :( – Kenneth Poulsen May 31 '12 at 05:56
  • I'm not well versed on Wordpress but isn't there a directory where you can place configuration files? – Nick Caballero May 31 '12 at 06:02
  • If not, maybe you could just make that part of the installation process for the plugin - generate a key. – Nick Caballero May 31 '12 at 06:02
1

I think its better, if you save the key on the database table. About the part of securing the database and making sure that the data in the table will only be accessible by the authorized person, You can create a second user, with the privilege of accessing and reading such vital tables.

Therefore, create a separate user, who will have the authority to access the table and its contents. Now, use the website, with a different user, and switch to a administrative database user, when you need to access the encryption key and other vital information.

Starx
  • 77,474
  • 47
  • 185
  • 261