ASP.NET
Maxim Vostrugin, 2015-06-29 13:11:06

How to guarantee the user the inviolability of his data?

Good afternoon!
I am making a small online password manager and am faced with the problem of data storage. I store the data in a database.
How can I guarantee the user that their passwords will not be stolen/used? How do I protect the data?

3 answer(s)
Ocelot, 2015-06-29
@Vostrugin

Encrypt/decrypt data exclusively on the client side. Do not transmit any data in cleartext to the server, nor any keys. All client code must be open and auditable. There is no other way.

Vitaly Pukhov, 2015-06-29
@Neuroware

I agree with OnYourLips. In my program, I took an MD5 hash of the password, from this hash I computed a hash using a different algorithm (slow and cryptographically strong), and then applied the hash function to the resulting hash N more times (so that the whole process takes at least 1 second); only the result of all this is used as the decryption key with 512-bit RSA. The slowness of generating a "heavy" key gives free protection against enumeration, because the process simply takes a lot of time if you have to spend a whole second of computing power on one key. Now I'm afraid of forgetting the password :) I'm sure that if I forget it, restoring the data will definitely not work :)
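
Client-side encryption with a deliberately slow key derivation, as the first two answers describe, shown as an added example that is not code from any poster. It assumes scrypt for key stretching and AES-256-GCM for encryption (neither is named in the thread) and uses Node's crypto module so it runs outside a browser; the function names, cost parameters and record layout are hypothetical.

```javascript
// Added example, not from the thread. Everything below runs on the client;
// the server only ever stores the record that sealEntry() returns.
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost parameters (about 32 MiB of memory per derivation).
// Raise N until one derivation is as slow as your users will tolerate.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit key. The salt is random per
// record and not secret; it makes precomputed guess tables useless.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, KDF);
}

// Encrypt one vault entry. The returned record contains no key material.
function sealEntry(masterPassword, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // never reuse an IV under the same key
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(tag) };
}

// Decrypt a record fetched from the server. Returns null when the password
// is wrong or the record was modified: the GCM tag check fails in both cases.
function openEntry(masterPassword, record) {
  const raw = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(masterPassword, raw(record.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(record.iv));
    decipher.setAuthTag(raw(record.tag));
    const pt = Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}
```

Because the master password never leaves the client, a forgotten password cannot be reset by the server and the stored entries become unrecoverable.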

Mikhail Zhilin, 2015-07-09
@Merdue

But at the same time, reliable data storage systems and personnel - remember that absolutely all hacks are the result of hackers working with real people who somehow have the data of interest! If this is data that the user himself stores on his own equipment and in his own location, then security depends only on his actions with this data in accordance with your instructions. In case of violation, he is the user himself (or maybe he needs it)!!!
