15

I want to set up a kind of personal wiki where I can store various sensitive information. However, to make it 100% portable and just plain convenient, I want to put it on the Internet. I'm sure at this point many of you are like "JESUS NO! ARE YOU FOR REAL?" -- hence the question.

Would using a login prompt really be enough security for me to have passwords and maybe even banking information up there? I know there is the obvious brute force which is the caveat to many login systems, but how reliable could mine be? If that wouldn't be enough, is there some way of encrypting my website?

AviD
n0pe

4 Answers

18

I can store various sensitive information. However... I want to put it on the Internet

Yikes, as they say...

In this specific scenario, there are three issues:

  1. The security of your authentication mechanism. You probably need to use TLS to protect this resource, since http basic auth really is basic - plain text, over the internet. Likewise, digest auth sends digests over the internet. Not much better. There's also the threat of interception unless you use TLS, so basically, TLS (https) is pretty much mandatory. The next step here is whether or not infinite re-tries are a possibility - in other words, can you prevent a dictionary attack? SSL is all very well, but unless you use client side certificates anyone can connect and repeatedly try passwords, so you need to ensure whatever web server you're using is configured to deny requests after X attempts. What you have available and can enforce should inform your decision to go ahead with this.
  2. The security of the storage mechanism. If you're using a VPS, your hosting provider can almost definitely log in and definitely have disk access to your VM. If you have a dedicated server, that's a different issue. If you're planning on a shared host, be aware a compromise in one of the other 1000 or so websites running from that box could potentially expose your information. Encrypting that content will require you to have available a key to decrypt it, either on the server (this issue applies) or on the client (the issue below applies). Again, what setup you have available should inform your decision.
  3. The security of the system on which you access that information. A similar question cropped up a while ago for a different purpose, but basically there is no way to force the client system to securely forget the information unless you have full control over it. As an end user and using TLS, you have a greater idea of what is going on, but even so, should you choose to access that information at a cyber-cafe, there are scenarios in which that data can be recovered. Any read is likely to store that information locally for processing and must decrypt it locally, even if it isn't cached, so there is a threat of interception. How much of a threat you think this is again should be something you take into consideration.

How much of an issue these factors are depends on how valuable the information you're storing is to you and to what extent you think you're at risk. For example, my main online bank and online store accounts all point at one email. I wouldn't be comfortable accessing any of those, or their login details, on a cyber cafe computer. However, I have a day to day email for mailing lists and other such info that is far less critical if compromised. So I would have fewer issues using that. If the risk is acceptable to you in storing this information on a wiki, then do it.

  • Very interesting answer, should I maybe look into putting my information in Dropbox or something instead? Or is the security of Dropbox a discussion for another day? – n0pe Jul 11 '11 at 14:25
  • @MaxMackie have a read of http://blog.5ttt.org/dropbox The same idea applies - evaluate the risk you think applies to you. I think there might also be questions on dropbox - have a search around. –  Jul 11 '11 at 14:54
  • DropBox can be an appropriate solution, but don't use it to implement any security controls. Imagine it is just a bucket'o'stuff on the internet: if you have strongly encrypted data in it, you can still be fine, but if it is in the clear or weakly protected then it could be changed, read, deleted etc – Rory Alsop Jul 11 '11 at 14:58
  • @Ninefingers: Very interesting blog. I'll do some searching on the subject, thanks. – n0pe Jul 11 '11 at 14:59
5

It doesn't matter how much you encrypt your site. Once the server thinks it is you attempting to get to the content, it shows it to you. Encryption only protects against people bypassing the authentication.

However, you can encrypt the content without giving the server any keys at all. This means that the server is not able to decrypt the file after you authenticated; it only sends it to you as it is. You then use a personal key to decrypt it locally. That way, you have a two-level protection (i.e. authentication/make file usable)

This has the following advantages:
* username/password restrict downloading of encrypted files
* the files are encrypted, so even if someone does guess or steal a password, he cannot use it.
* you are the only person owning the key necessary to open the file. In order for an unauthorized person to open it, it would be necessary to either physically steal your computer/hard-disk or inject malware to get your key.

EDIT

I just noticed the 'wiki' part of your question. Of course, if you want to work remotely on the file while it is on the server, it does not work that way. In that case, your personal key must be on the server and the wiki software must know how to decrypt it.

Mike
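The scheme described in the answer above (the server stores and returns only ciphertext; the key is derived and used on the client), as an added example that is not part of the original post. It assumes Node.js's built-in `crypto` module with scrypt and AES-256-GCM; the function names, the in-memory `serverStore` standing in for the remote host, and the sample passphrase and page are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from a passphrase that never leaves the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt a page locally; the returned base64 blob is all that gets uploaded.
function encryptPage(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Blob layout: salt(16) | iv(12) | auth tag(16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt after download; throws on a wrong passphrase or a modified blob.
function decryptPage(passphrase, blobB64) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the remote host: it holds blobs, never a key.
const serverStore = new Map();
function upload(name, blob) { serverStore.set(name, blob); }
function download(name) { return serverStore.get(name); }

// What someone who guessed the login, or the hosting provider, can do with a blob.
function canRead(passphrase, blobB64) {
  try { decryptPage(passphrase, blobB64); return true; } catch { return false; }
}

// Constructed sample data.
const samplePage = 'constructed sample: bank login notes';
const samplePass = 'correct horse battery staple';
upload('notes', encryptPage(samplePass, samplePage));
```

Because GCM authenticates the ciphertext, a blob altered on the server fails decryption instead of yielding modified plaintext.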
1

@Mike and Ninefingers both give good answers.

Would using a login prompt really be enough security for me to have passwords and maybe even banking information up there?

No. Let me put it this way. Would you use an ATM machine if you noticed several people sitting in cars with video recorders trained on the PIN pad? That's what you are doing when you use just a username and password to allow access to your banking information. Many people are watching the data being sent from the server to you and back again. It is the same with passwords. Any information being sent between a server and you without encryption is likely being watched by someone.

I know there is the obvious brute force which is the caveat to many login systems, but how reliable could mine be?

Your system could be very secure if you were willing to spend on the order of $10,000 (10^4 for localization), plus ongoing operating costs. However, I'm guessing you were looking to do this for free, or maybe a small monthly sum. In that case I would hesitate to store anything more sensitive than your grocery list on your wiki.

If that wouldn't be enough, is there some way of encrypting my website?

Yes, there are several possibilities for encryption, but as @Mike points out, if you want the remote server to do more than just hold a file for you, you need a significant amount of infrastructure. Back to the ATM machine... Adding encryption would be like putting a privacy screen between you and the suspicious people with recorders. That will take care of someone seeing your PIN number, but if the ATM machine is encased in stiff cardboard, as soon as you leave someone will rip open the ATM and take out all the cash.

The internet is convenient, but it is a threat rich environment. Instead, buy a USB flash drive, install portable encryption software and portable wiki software, and back it up regularly.

this.josh
0

LastPass would definitely be a better solution for storing small bits of sensitive information like passwords, credit card numbers, and bank account numbers on the Internet (a.k.a. in the cloud), though nothing can protect you from a malicious Internet cafe computer. Even using LastPass with a one-time password will still expose all the site passwords you use while on the computer, as well as all the information sent to you while logged in.

Major Major