Geek Answers Handbook

Third party credential encryption

I have an application in which I need to store third-party credentials for services such as Amazon S3, FTP, SFTP, etc.

I know that you can access some of these systems without passwords, but this one has its problems. If our customers provided us with access to their S3 buckets via ACLs, we would still need to check which bucket belongs to that user, the same applies to SFTP and ssh key auth.

We will try as much as possible to allow alternatives without a password, if possible, but sometimes (FTP) it is simply not possible. Therefore, I am looking for advice on how to store this sensitive data in our database (MySql) or elsewhere.

In the past, I read about people using TrueCrypt partitions that are automatically unmounted, but this will probably require a decent intrusion detection. At the moment, I'm interested in simple approaches that lead to reasonable security and may improve in the future.

Any advice on this would be greatly appreciated!

+4
security passwords encryption
source share
3 answers

There are many possibilities, and since, in my opinion, you are not providing enough information about the context, I will try to give you an overview from my point of view. I assume that here the most important aspect is the confidentiality of your data and user authentication. Data integrity and availability is much less important.

If you need basic security, you can let MySQL handle it with username and password combinations and set permissions for this account. However, since the mysql access control mechanism is not fine-grained (you can set access control rules only for the table, but not for each row), this will probably lead to the creation of a bad database.

If you want to have a passwordless approach, you can provide users with client certificates and give them the opportunity to verify their identity by presenting their client certificates (use TLS for this) or let them sign something (note that this is a concern because you create the so-called oracle for signing).

Another approach is to encrypt your data in the database. You can do this by deriving the symmetric key from the password and encrypting the credentials with this data. The catch here, of course, should be good, because your key output protocol should be good, and this is not easy (therefore, if you choose this, I advise you to use existing key output protocols or use a stream cipher). Take a look here at the streamcipher list http://en.wikipedia.org/wiki/Stream_cipher .

If you really care about security, you can start thinking about fancy solutions, such as smart card authentication, or a time-synchronized device that is protected against unauthorized access, to create access codes. However, please note that these fancy solutions do not give you free security by implementing such systems if they are complex and expensive (due to deployment and ), however, if everything is done correctly, they provide better security.

+3
source share

Ask the user to provide a (strong) password when setting up the account (before they provide their passwords). Then encrypt all the data for this account in your database using the key obtained from the strong hash (SHA256 or something like that) of the user password. Thus, if your servers are compromised, the data will not be detected, because they are encrypted using the user password (well, the hash of the user password) and this password is not stored anywhere on your server.

+1
source share

You need to research the use of keystores. TruCrypt is an example of such a keystore, but it is a personal keystore not intended for service level credentials.

You cannot avoid storing your passwords in a format that someone can access, the goal is to minimize who can access the information. Entering the same MySQL as the application data requires disaster.

0
source share

More articles:


All Articles