5

We have a J2EE application that talks to multiple external systems. Each external system wants our application to be authenticated by username/password. So whenever we talk to the external system, we need to send a username/password. The problem is storing these passwords. We want to store these passwords in a secure form. Obviously we can't use MD5 to hash the password because we need to send the password to the external system. So we need to encrypt the password.

  1. Where to store the encrypted password. Database?
  2. Where to store the encryption key?

What is the best practice for this particular problem?

Artjom B.
  • possible duplicate of [Preferred recoverable method to store passwords in database](http://stackoverflow.com/questions/11635798/preferred-recoverable-method-to-store-passwords-in-database) – Necreaux Mar 19 '15 at 15:44

4 Answers

1

I'm not an expert, but I also have similar requirements. This article from security.stackexchange.com discusses the issue. The accepted answer gives alternatives. They are, in short:

  • store them on the file system, which makes them vulnerable if someone gains access to the filesystem
  • force the administrator to enter them on boot up
Harold Ship
1

You could consider storing the passwords in a database.
Using AES-CBC, each password would be encrypted with the same key but a different IV. You will also need to store the IV of each ciphertext in the database; some people suggest storing IVs separately from the ciphertexts.
The unique key to encrypt/decrypt could be stored in a secure zone of your web server.

This issue was already discussed here: Preferred recoverable method to store passwords in database

Hope this helps you.

Jose Pablo
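
The scheme described in the answer above (one AES key, a fresh IV per password, the IV stored with the ciphertext), as an added Java example that is not part of the original answer. The class name `CredentialVault` and the single-column `Base64(IV || ciphertext)` layout are assumptions, and the demo key is generated in-process only so the code runs stand-alone. CBC provides confidentiality only, so a modified record is not detected; the JCE transformation `AES/GCM/NoPadding` is the authenticated alternative.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (hypothetical class): AES-CBC, one key, fresh random IV per record.
public class CredentialVault {
    private static final int IV_LEN = 16;   // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;

    // The raw key is passed in by the caller and is never stored next to the records.
    public CredentialVault(byte[] rawKey) {
        if (rawKey.length != 16 && rawKey.length != 24 && rawKey.length != 32)
            throw new IllegalArgumentException("AES key must be 16, 24 or 32 bytes");
        this.key = new SecretKeySpec(rawKey, "AES");
    }

    // Returns Base64(IV || ciphertext), which fits in a single database column.
    public String encrypt(String password) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                  // new IV for every record under the same key
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Splits the stored record back into IV and ciphertext, then decrypts.
    public String decrypt(String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        if (in.length < 2 * IV_LEN) throw new GeneralSecurityException("record too short");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = new byte[32];      // demo only: a deployment loads the key
        RNG.nextBytes(demoKey);             // from a location outside the database
        CredentialVault vault = new CredentialVault(demoKey);
        String record = vault.encrypt("constructed-sample-password");
        System.out.println(record);         // differs on every run because of the IV
        System.out.println(vault.decrypt(record));
    }
}
```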
1

You can use gpg to encrypt/decrypt while storing and retrieving passwords. You can have the certificate stored on your server (and a backup copy offline). Of course, this will mean that if someone gets privileged access to your server your passwords are compromised, but there are more pressing things to worry about in that scenario.

Raed
0

The most secure way to store a password is to avoid storing passwords on the server. Instead, save a password verifier, which can be used to verify the password but cannot be used to recover it. One implementation is the Secure Remote Password protocol. In this protocol:

  1. Server computes password verifier from username, password and salt and saves it.
  2. Client wants to authenticate and requests server credentials from server.
  3. Server randomizes verifier to produce server credentials and shares them with client.
  4. Client uses salt (known to both parties), username and password to obtain randomized client credentials and shares them with server.
  5. Server combines verifier with client credentials to obtain common shared key.
  6. Client combines password with server credentials to obtain common shared key.
  7. If keys are the same, authentication is successful.

As the password is not stored on the server and is never sent by the client, it cannot be stolen.

divanov