2

For a university project of mine I am making a password manager online and I want to be able to store user's passwords on my server without being able to access it myself. Here is what I intend to do:

  • encrypt users' passwords with RSA encryption
  • store the keys used for encryption, encrypted with a long hash generated on the client side using the master password
  • Having the user type its master password every time some of the keys are used

But in this process there is a huge issue. I am not able to recover/generate new user password. What if they forgot their password.

Based on what I came up with there are two options:

  1. Not giving the users ability to change their password - well this seems like killing the product before the launch

  2. Change user's password by keeping a copy of the key encrypted with some other hash like security question - this does not seem like an option since security questions are obsolete on most modern websites because of security risks.

Do I have some other options except for this ones? I guess I need a 'Trust No One' (TNO) or 'Zero Trust' architecture but there are some holes in my design.

Jonas
  • 5,063
  • 7
  • 32
  • 35
melanholly
  • 168
  • 5
  • 1
    I'm not sure I see the issue - they can change their password by providing you the old one and the new one, you decrypt the content passwords with the old, re-encrypt with the new. – crovers Sep 26 '16 at 13:57
  • well that is true but what if they forgot their password? – melanholly Sep 26 '16 at 14:00
  • Not so related to your question, but why are you using an asymmetrical algorithm to encrypt the passwords? Is it the private key you talk about in the second bullet point? – Anders Sep 26 '16 at 14:06
  • I am using asymmetric encryption so that at some point I can move all the encryption of the passwords on to the client side. This way the sensitive information can be safely transmitted over poisoned network. You might get man in the middle. – melanholly Sep 26 '16 at 14:21
  • @melanholly In that case, the data is lost. That is fairly typical with services like this. One option is to provide a master key they can download and store securely - or a part of one with you retaining the other using Shamir's Secret Sharing or similar. – crovers Sep 26 '16 at 14:28

2 Answers2

4

Recovery or resets are inherently a back door. Having that capacity means that there is one.

What we have done with 1Password Teams and 1Password Families is given that capability to the Team/Family administrators but not to ourselves. (These are indirectly given the keys to all of the vaults, but they aren't given the actual encrypted vault data).

It isn't a perfect solution, but we think it is a good one. Unfortunately it isn't available for individual accounts. And so people forgetting their Master Passwords does lead to catastrophic data loss for those individuals. This is not something we take lightly, but we (and we hope our customers) prefer that risk of data loss to the threat inherent in us (or someone who compromises us) having the capacity to decrypt customer data.

Anyway, you can read about our approach to recovery (though it is sketchy in the current draft) at https://1password.com/teams/white-paper/

Jeffrey Goldberg
  • 5,839
  • 13
  • 18
1

Each set of data is encrypted with a data-key, and then the data-key is encrypted with the user's password (or hash of the password as you mentioned). The solution to your problem is that each of the data-keys should also be stored somewhere, either by the provider if the users are willing to trust the provider with their data, or by the users themselves as a "backup in case you forget your password".

For a password manager, I would guess some users will not want their key stored in a centralized place, so you might want to consider offering them an option of storing their recovery file on your server, or providing it to them to store in a safe place on their own. If they choose to store it themselves and lose both it and their password, then it'll be a bad day for them. (Being both paranoid and forgetful comes with a price.)

TTT
  • 9,122
  • 4
  • 19
  • 31