1

So,

I have a mysql table which stores passwords, and these passwords can not be hashed, cause I need to recover it to plain text later.

I have a javascript, which via ajax/php takes these passwords from a mysql database and sends it to another server that will use it to authenticate, that's why i need to have them in plain text when I send.

I know there's base64 and other encryptation alghorythms, but that's unsafe.

The best solution I found is OpenSSL, but I'm not sure if I'm on the right path. Am I?

Felipe Zavan
  • 1,654
  • 1
  • 14
  • 33
  • Another option: don't rely on the client to send the plaintext password - Have the first server initiate the request to the second server. – nickb Jul 24 '12 at 21:41
  • Why can they not be hashed? Usually password systems hash the password and then use the entered text (usually password) and hash it and check that the hashed values match each other. – MasterGberry Jul 24 '12 at 21:44
  • They can't be hashed because he needs them to authenticate with another server, probably a 3rd party service. Think online instant messaging clients which must store passwords for their users' IM clients so when the person signs in it can then sign them into their respective messaging services. – drew010 Jul 24 '12 at 21:47
  • Two way encryption for password storage is evil. However, check this: http://stackoverflow.com/questions/1391132/two-way-encryption-in-php – Fabio Mora Jul 24 '12 at 21:47

3 Answers3

3

OpenSSL is a good place to start looking. It supports a very large number of secure encryption algorithms that you can use to encrypt the plain text passwords. AES-256 or Twofish are good algorithms to start looking at. 3DES is also considered sufficient to today's standards.

For good security, you will need to encrypt each user's password with a different key; that is each user has a unique encryption key to them and you do not use 1 key for all passwords. This could be a hash of the user's password that they use on your site, but often user passwords aren't strong, and if they forget the password to your site/service, then they also lose their encryption key.

For the greatest security, you shouldn't store the encryption keys anywhere. When the user logs in with their password, you can generate the encryption key in memory based on their password. Ideally it would not just be a hash of their password, but their password applied through some sort of transformation algorithm.

If that isn't an option, then you should store the encryption keys on a different physical server than the one that stores the encrypted user passwords. The server that stores the encryption keys should have a number of security and access control features in place with very controlled database access so pretty much only your application can access the keys.

And on top of that, you must disclose in your privacy policy that you may store encrypted forms of their passwords for use with the 3rd party service.

Hope that helps. OWASP may have some other helpful information related to what you are going to do.

drew010
  • 68,777
  • 11
  • 134
  • 162
2

thanks for all the answers, I'm going to use an php encryptation method described here: https://stackoverflow.com/a/6639179/1415262

and try some openssl.

For all of the other answers, I have a few problems with them and short time to explain why.

PS.: I can't up vote yet, but special thanks to @drew010 and @fabio :)

Community
  • 1
  • 1
Felipe Zavan
  • 1,654
  • 1
  • 14
  • 33
0

I would HIGHLY recommend that you don't store passwords in plaintext and maybe generate some kind of one-time usage key that is passed from one server to another.

So server one has a key linked to a specific user that is unique, this key is also on server two and that is the key that's passed.

ajtrichards
  • 29,723
  • 13
  • 94
  • 101