How to implement data encryption algorithm?

A

Alexey Yarkov2016-05-13 22:17:55

Angular

Alexey Yarkov, 2016-05-13 22:17:55

Hello. I am writing something like a service for storing passwords and logins. In general, the main functionality is ready and there is even a web muzzle. But the idea arose that it would be necessary to encrypt the data with some kind of master password, not relying only on the reliability of authentication. For example, they hijacked an account, logged in, and the server will give porridge instead of data, the password for decrypting which only the creator has. But there are nuances:
1. The password should not be stored on the server
2. Forgetting the password, we lose all data
3. When to ask for the master password? Once upon authorization on the site and stored in sessionStorage, or every time when performing CRUD operations (idiocy!!!)?
4. Encrypt/decrypt before sending or on the server? (CryptoJS.AES) Am
I paranoid anyway?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikita, 2016-05-13
@jetu

> "password storage service"
> "main functionality is ready"
> "it would be necessary to encrypt the data"
don't you think that there is a logical error hidden here?
On the topic, see how the process is organized by 1Password, do the same