
I know saving passwords in plain text in a database is bad, but I need to save the password in a way that the users can retrieve and view them.

The database will be located within our web host and access to it will be restricted to known IP addresses. The actual scripts that will be accessing the database will be located in a different datacentre, which is locked down for all access to our specific known IP addresses.

What I'm thinking of doing is creating an encryption key based on the unique school name, location and a 64 digit string. This will secure the password which will then be saved into the database.

To decrypt this, the script will have to read the school name and location from the DB and add the 64 digit string and then decrypt the password to display to the user.

When this goes live the 64 digit string won't be saved in the script; it will be passed on the URL.

Using this https://stackoverflow.com/a/57249681/2134973 I've managed to get the password to be encrypted and decrypted. But as soon as I save the encrypted password to the database, it fails to decrypt when read back from the Database.

The code I have so far is below. From the initial database read I have:

```php
$school = $db['school'];
$location = $db['location'];
$password = $db['password']; // plain text
```

I then encrypt using:

```php
define('ENCRYPTION_KEY', "{$school}r$qVsYRk4*&H?=pb9sRdJHLbtERBwGSxezJa5eG?Zb#SrC&q2yzHLE=BjU?Wm9sM{$location}");
$OpensslEncryption = new Openssl_EncryptDecrypt;
$encrypted = $OpensslEncryption->encrypt($password, ENCRYPTION_KEY);
```

and save $encrypted back to my database.

For decrypting it I'm reading the data from the database and processing it as:

```php
$school = $db['school'];
$location = $db['location'];
$password = $db['password']; // encrypted

define('ENCRYPTION_KEY', "{$school}r$qVsYRk4*&H?=pb9sRdJHLbtERBwGSxezJa5eG?Zb#SrC&q2yzHLE=BjU?Wm9sM{$location}");
$OpensslEncryption = new Openssl_EncryptDecrypt;
$decrypted = $OpensslEncryption->decrypt($password, ENCRYPTION_KEY);
```

If I var_dump $decrypted I get NULL.

If I dump the $encrypted and $password (after encryption) they are both the same string length.

The field in the database is defined as VARCHAR 1024.

Can anyone advise how to do this, or if there is a better, more secure way?

Ultimately I need the user to be able to see the passwords as plain text, but store them as securely as possible.

Thanks

UPDATE

The passwords held in the database don't belong to the users who are logged in. They are passwords to our internal systems which are all IP authenticated as well.

The users need to see these passwords.

Rocket
  • Use single quotes for the strings, and in any case concatenate the variable value instead of interpolating it. "$hello" is the value of the $hello variable, '$hello' is the literal $hello. Here `{$school}r$qVsYRk4*&H...` you see you have a `$` after {$school}, that can be messing up the string. – Juan Apr 19 '20 at 12:04
  • Also, if the 64 digit is part of the encryption key, you shouldn't put it as part of the URL. URLs get cached by browsers, and logged by servers. Instead it would be a better option to send it in the body of a POST or as header in the request. – Juan Apr 19 '20 at 12:07
  • "*I need to save the password in a way that the users can retrieve and view them.*" **Don't**. Just don't do this. There's not a single reason to ever do such a thing and your users will be really angry at you for breaching their privacy. – Dharman Apr 19 '20 at 12:21
  • Use the usual procedure for lost passwords: generate a new one and force the user to change it the first time he visits the site. – nbk Apr 19 '20 at 12:22
  • Original post updated. – Rocket Apr 19 '20 at 14:03
  • @Juan sorry please can you explain this further. Thanks – Rocket Apr 19 '20 at 14:03
  • Just try `$aVar = '1234'; echo "$aVar
    ";echo '$aVar
    '; ` and see the difference. In this string `"{$school}r$qVsYRk4*&H?=pb9s"` `$qVsYRk4` is considered an undefined variable.
    – Juan Apr 19 '20 at 15:59
  • Thanks, I see what you mean. My issue appears to be decrypting the password once it's received from the database. As a test I decrypted it before saving to the DB and it works, but it fails when I retrieve it from the DB. Any ideas? – Rocket Apr 19 '20 at 16:20

0 Answers
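One way to do the reversible encryption the question asks about, as an added example (it is not the asker's code and not the class from the linked answer): AES-256-GCM with a key derived by HKDF from a secret held in a single-quoted string, and the result base64-encoded before it goes into the VARCHAR column. The function names, the `iv + tag + ciphertext` layout and all sample values are assumptions made for this example.

```php
<?php
// Added example: all names are hypothetical and the sample values are constructed.
const CIPHER = 'aes-256-gcm';

function deriveKey(string $secret, string $school, string $location): string
{
    // HKDF turns the secret into a 32-byte key. School and location only give
    // each record its own key; the secrecy comes from $secret alone.
    return hash_hkdf('sha256', $secret, 32, $school . "\0" . $location);
}

function encryptForStorage(string $plain, string $key): string
{
    $iv = random_bytes(12);                  // fresh nonce for every encryption
    $tag = '';
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);  // ASCII only, so a text column stores it unchanged
}

function decryptFromStorage(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                         // not base64, or truncated in storage
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $plain === false ? null : $plain; // false means wrong key or altered data
}

// Single quotes keep the "$" in the secret literal. In use the secret would come
// from the POST body, a header or server configuration rather than the URL.
$secret = 'constructed$sample*secret-for-illustration-only';
$key    = deriveKey($secret, 'Example School', 'Example Town');
$stored = encryptForStorage('s3cret-pass', $key);   // the value written to the DB
var_dump(decryptFromStorage($stored, $key));

// A key derived from different record fields fails the GCM tag check.
$otherKey = deriveKey($secret, 'Example School', 'Other Town');
var_dump(decryptFromStorage($stored, $otherKey));
```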