I'm currently using Oracle 10g. I use DBMS_CRYPTO package to encrypt the passwords of users for login. In order to encrypt or decrypt the data, I must have a key. So where should I put the key in order to hide it from other developers, or is there another way to encrypt data without being able to decrypt back?
In SQL Server, I just use PWDENCRYPT function to encrypt, and when I want to compare the data entered by the users correct or not, I use PWDCOMPARE. Pls advice. Thank you.
To hide the key from other developers, hopefully this article will be helpful, it includes a section on key management:
http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
To encrypt data without being able to decrypt it back, you may wish to look into one way hashes. Oracle provides this in the form of DBMS_CRYPTO.HASH, which is simple to use (as discussed here):
SQL> select SYS.DBMS_CRYPTO.HASH('FFFFFF',1) from dual;
7D91F6D9BE28A9756B0D2F11D3AF4F0C
You then store only the hash in the database - you can verify the password if hashing the user input matches your stored hash, but you cannot retrieve the password in any way.
Related
I know there was question like this million times, but I was unable to find answer that will fit my needs.
I'm building something like small internal password manager for my company, to store login data for various servers and so on.
When new user is registered, his password will be saved in database in salted/hashed version so no one can get access to it (and for that part I think it's all ok, correct me if I'm wrong).
But then, when user is logged in, he is able to add new server with it's login details.
Question is, how to store those.
Because, at some point, I have to present this login details to user in plain text (that is whole point of this application).
Best I could came up with is using some kind of symmetric encryption.
Idea is that app will crypt login details with symmetric encryption and save it in that way into database, and then when data is needed once again will extract data from database, decrypt it with same key and present to user (and key should be in source code of application?).
It could be asymmetric encryption but it's the same if public and private key are stored in same source code, then there is no any benefit of using it?
That doesn't seem too secure, but I can't think of anything better.
Is there any better way to do this, to store this login data?
If it's important to you, application will be in PHP and database is Oracle
I would just use symmetric encryption. The standard steps are:
Derive a symmetric key from a user-supplied password (e.g. PBKDF2 or scrypt)
Encrypt the data using AES-128-CBC or better with a good random IV
HMAC the result (e.g. HMAC_SHA256) or just use AES GCM mode
Store IV+ciphertext+MAC in the database.
This can all run in a browser these days (see crypto-js and aes-js). That way the server never gets to see the plaintext password (not sure if this is a requirement).
The MAC can also serve as a password hash, i.e. if the MAC validation fails, then it means the supplied password is incorrect.
I was thinking about this particular scenario .
Suppose I have a table named db_passwords,which stores the passwords for different databases. And now I am worried that anyone can view these passwords by writing a simple selection statement . At the same time I want to have the facility to connect to a particular database from a program .
I got to know that there are oracle encryption packages which encrypts a particular column , by the help of which I can encrypt a particular column of a table and the logging to a db is done by the help of a key .
But I couldn't draw a clear picture of what happens in such a scenario , like ,
for a particular line of a code meant to connect to a db as follow :
sql > connect to "username" identified by "password " using ' db_name".
In the above statement , in place of password , am I supposed to enter the key and if I enter the key will pl/sql automatically decrypt it ?
Looking forward to your illustrations and insights on what exactly happens in such situations .
EDIT
Ok, I had misinterpreted your question. I thought you were creating a login form and wanted to know how to store users passwords. I now understand you simply want to store the passwords for your databases in some other database.
And well, if people that are not supposed to know the passwords for other databases have access to this "password database", then the simple answer is: don't store them there.
Of course, as you noted, by storing passwords in the clear in your DB, anyone will be able to see them. What you need to understand, though, is that encrypting them will not help in any way. If you encrypt them, then your application will need to be able to decrypt them (that is, your application will need to know the key). If your application knows the key, then anyone who has access to your source code is able to take that key and then decrypt the passwords that are stored in the database.
What you should do is store them somewhere only those who are supposed to know the passwords have access to. You can, for example, store them in an encrypted configuration file. The permissions for that file should be set in a way that only the correct OS users (the root, for example) can read it. Then your application will read the password from that file.
You should hash passwords before saving them to the database (ideally in the application level). By hashing, you transform a given input string into another one with a fixed length. The generated string will [ideally] never collide, meaning that "password123" will generate a string, while "password1234" will generate another one completely different.
When the user wants to log-in, you again hash the password he provided and compares it to the hash that is stored on the database. If they're equal, then the password is correct.
If, for some reason, you can't hash at the application level, you can use PL/SQL's built-in hash functions (documentation).
Please note that if you hash with, say, SHA512 and store it directly on the database, there are still ways to discover the original password. To really make your passwords secure in a way no one would be able to "decrypt" them even if they have access to your DB is by hashing the passwords with a random salt. If you want to know more about that, you can read about bcrypt.
I am using aspnet membership provider and by default HASHED password format were being used behind the scene and recently i got that password retrieval is not possible using that format. so i need to change password format to CLEAR OR ENCRYPTED however after doing this
is there any possible way to change password of existing data through database? OR i need to delete all records and start to create from scratch?
Also how one can handle situation where need to change password format from CLEAR to ENCRYPTED?
No, you will not be able to decrypt a hashed password. Hashing is by definition one-way. The two-way option available is the encrypt option, or clear.
The main function of hashing a password is for one-way encryption. Even internally when values are compared they are compared as hashed values.
[OK, technically one could decrypt a hashed value, but this enters into the realm of hackers, rainbow tables, salt values, and I do not think you wish to go there]
For more please see here
I want to encrypt user's personal data then save them in database .
the encryption must be done in application ( I can't do that in sql server side )
now I wonder if it's possible to use each user's password to encrypt and later decrypt their data ? what are pros and cons of this approach /
One big 'con': what if the user changes his/her password? Then you would need to re-encrypt all data!
You've said that you want to store secure personal data of a user. Doing this unless the personal info. is extremely sensitive is generally NOT recommended for a number of reasons. What is commonly done however is hashing + salting of the user's password.
This page has a good explanation on how hashing and salting works and why it's better than encrypting, and then decrypting the password.
http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
As for encrypting the user's personal information, just like a password we can use a custom salt + hashing algorithm that's quite simple but effective on our application to use the custom hash equivalent of the userID which is expected to be permanent, static and persistent forever.
Since the uID (or a specialized unique string for every user) can be hidden from normal public and we ensure that our custom shared function cannot be accessed from unauthorized sources, we have a solid secured system.
This means, we hash+salt personal info based on a unique string such as a userID and a hash+salt the user's password aswell. For the personal information to be decrypted, both the userID hash and password hash should match with the database.
A better approach would just be to use known encryption protocols within your program. Data sent via HTTPS TLS for example is quite secure if implemented right.
I am very new to web application (ASP.NET). I have source code and database for a complete project.
ASP.NET (Authentication) control is used for login. I don't know the password right now but i can get the login name and password in encrypt format from the database table.
How could I login to the application with only this little information available.
As the control are dynamically created on the pages, it is very hard to debug and find them on runtime.
How could i proceed for login by encrypted password? or is there a way to login by overcoming Authentication control.
The password is probably SHA1 encrypted. Basically what you have to do is SHA1 encrypt the password the user gives you and compare that to the password in your database. Because SHA1 always results to the same thing if the input is the same, you will know that the users given password is correct if both hashes match.
SHA1 encryption is a form of hashing and cannot be reversed.
No, hashed passwords in the database are non-reversible intentionally. This keeps anyone (a hacker?) from reading your database and being able to log in.
As Sam152 said, the passwords are likely SHA1 hashed, so if the passwords are not stored with salt, you can build a rainbow table to find the original password. If they are salted, you need to know the salt to build the rainbow table as well.
You could try implementing custom MembershipProvider by derriving from this class. Then you just override method ValidateUser to meet your requirements. Also remember to modify Web.config.
The point of hashed passwords is that a they can't be used by folks not knowing the decrypted password.
There should be a way to reset the password for users. You could do this and log in based on the reset password.
If you are trying to log in to an active user's account, you may want to consider the implications in doing so without their knowledge (if that is the case). However, if it is just a test user, reseting the password is probably the least cumbersome way. That functionality or procedure should probably be part of web app anyway.
If it's the standard ASP.NET membership stuff, I think it uses a stored proc to check the DB. Just change that and have it return true or whatever.
Adding to the above answers SHA1 encryption output is 40 byte. You should check the length of the encrypted password to get an idea about the kind of encryption..since hash algorithm has predefined no of output bytes, this would help you map with the kind of algorithm and then you should look for possibile salt usage as #MattGWagner said...is the tables in database that stores user information seems like aspnet_users,aspnet_membership, etc? Then this should be the standard authentication provided by windows..Just google and see how it works