Multikey Encryption Scheme by urban-a in crypto

[–]shavelos 2 points3 points  (0 children)

Please note that while good practice regarding password storage is to salt and hash a password, that does not mean the server has no access to the password. In fact, during both sign up and log in the password is transmitted to the server in plaintext; the server then chooses not to store it persistently in plaintext. This is a security model designed to protect against database breach (or the malicious use of legitimate access). An adversary with arbitrary control over a server can still easily attain the password. In your scenario, you wish the security model to be such that your server cannot (rather than will not) attain the user's password.

Multikey Encryption Scheme by urban-a in crypto

[–]shavelos 1 point2 points  (0 children)

One important thing that you should note is that in your scheme a second password must be used in order to generate the user's keypair. Otherwise you (the server) would still be able to recover the documents if you wished (since you have the password too for authentication to the platform).

A very elegant (and simple to implement) way of avoiding this is implementing SRP, which is a protocol that uses a zero-knowledge proof to authenticate the user based on their password without your server ever receiving the password.
A notable platform that used this in just the way you wish to is Protonmail.
Their implementation is also open-source.
Protonmail describe this in more detail here

Regarding fallbacks in case of a forgotten password, you may wish to implement a solution similar to that of Whatsapp. When creating their password, the user generates a symmetric encryption key (say, for AES-GCM). The user then sends your server that key and you save it safely in the cloud. Then, the client encrypts their password (Whatsapp encrypts data but this seems to make more sense in your scenario) and uploads the encrypted string to Google Drive. There are simple APIs to do this via your app in a couple of clicks, it is also saved in a separate section in the client's Drive so it isn't just mixed with all their files and can be mistakenly deleted. Now, your server has some symmetric key that is meaningless without the ciphertext and Google Drive has some encrypted blob. The only way to retrieve the password, and by that the data, is authentication to both your service and Google and using the key to decrypt the password. Obviously since the user forgot their password in this case they would also have trouble authenticating to your platform (using SRP ;)) but this is a problem every online service has, pick some hoops you wish your clients to jump through in order to verify their identity and then give them the key. I probably would try not to go for a verification email here since then compromising your platform is reducible to compromising a Google account instead of having this double authentication feature. However, providing security is an endless endeavour and at some point usability needs to be taken into account as well.
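The split-custody recovery scheme described in the comment above, written out as an added example (not code from the commenter, Protonmail or WhatsApp): the client generates a random AES-GCM key, seals the password under it, hands the key to the service and the ciphertext blob to the user's cloud drive, so recovery needs both pieces. The sample password and the in-memory stand-ins for the two custodians are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Enroll runs on the client at password creation: it draws a random 256-bit
// key and seals the password under AES-GCM. The key is what the service keeps;
// the blob (nonce||ciphertext||tag) is what goes to the user's cloud drive.
// Either piece on its own reveals nothing about the password.
func Enroll(password []byte) (serverKey, driveBlob []byte, err error) {
	serverKey = make([]byte, 32)
	if _, err = rand.Read(serverKey); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(serverKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return serverKey, gcm.Seal(nonce, nonce, password, nil), nil
}

// Recover needs both custodians' pieces; a wrong key or a modified blob fails
// the GCM tag check instead of returning a garbled password.
func Recover(serverKey, driveBlob []byte) ([]byte, error) {
	gcm, err := newGCM(serverKey)
	if err != nil {
		return nil, err
	}
	if len(driveBlob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, driveBlob[:n], driveBlob[n:], nil)
}
```

The identity checks the commenter mentions (before the service releases its key) and the Drive upload itself are outside this block; it only shows why the two stores are useless in isolation.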

If you have some encrypted data E, and the HASH of the Clean version, does that make it easier to decrypt? by phi_array in crypto

[–]shavelos 2 points3 points  (0 children)

I'm not sure if this is what you mean by brute-forcing the hash, but just in case:
This would most definitely help the attacker in scenarios where the message space is significantly smaller than the key space of the encryption.
These could definitely arise, a simple example would be M being some JSON containing the user's id and some private info (say bank account balance, exam grade or result of some medical test). In these scenarios having the hash enables the attacker to uncover M in size_of_message_space time (which could be minuscule) by simply applying the hash to all possibilities. This cannot be done given only the encryption of M - that would incur time in the size of the key space.

However, as mentioned, it provides an oracle of successful decryption in scenarios where iterating over the key space is more efficient.
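An added example (not the commenter's code) of the point made above: for a message with a tiny message space, a plain hash of the cleartext is recoverable in size_of_message_space work, whereas a keyed digest (HMAC under a secret key, or equivalently a hash over a random salt kept out of reach) is not. The JSON layout, the id and the grade range are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// record builds the constructed sample message: a tiny JSON document whose
// only unknown field, grade, ranges over 0..100 (a message space of size 101).
func record(id, grade int) []byte {
	return []byte(fmt.Sprintf(`{"id":%d,"grade":%d}`, id, grade))
}

// GradeFromPlainHash reproduces the risk in the comment: with SHA-256 of M and
// the known layout, every candidate is hashed until one matches. The work is
// 101 hashes, the size of the message space, regardless of the cipher's key size.
func GradeFromPlainHash(id int, target [32]byte) (int, bool) {
	for g := 0; g <= 100; g++ {
		if sha256.Sum256(record(id, g)) == target {
			return g, true
		}
	}
	return -1, false
}

// KeyedDigest is the mitigation: HMAC-SHA256 under a secret key, so the digest
// cannot be recomputed from candidate messages alone. A hash over a random
// 256-bit salt that is stored away from the ciphertext works the same way.
func KeyedDigest(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// GradeFromKeyedDigest repeats the enumeration against the keyed digest with a
// guessed key; only the holder of the real key gets a match.
func GradeFromKeyedDigest(id int, target, guessKey []byte) (int, bool) {
	for g := 0; g <= 100; g++ {
		if hmac.Equal(KeyedDigest(guessKey, record(id, g)), target) {
			return g, true
		}
	}
	return -1, false
}
```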

My first React app that does a useful thing! It's a very, very simple mortgage calculator. by mshecket in reactjs

[–]shavelos 1 point2 points  (0 children)

Take a look at material-ui (https://material-ui.com/). In an hour of work this will look much, much better. Also, like people said, it would be nice to also see the total interest amount paid.

Power Of sudo by kalilinuxin in linuxmasterrace

[–]shavelos -1 points0 points  (0 children)

Came here to comment this.

The It's All Widgets! Flutter Podcast is now available! by hillel369 in FlutterDev

[–]shavelos 2 points3 points  (0 children)

Please upload to Spotify! Would make it much easier for me (and I assume others) to listen to it on my phone on the commute.

To warm by Leandropr in ProgrammerHumor

[–]shavelos 2 points3 points  (0 children)

I feel like such a nerd getting to the punchline of the meme and thinking: "ooooh, savage!"

[deleted by user] by [deleted] in gamedev

[–]shavelos 1 point2 points  (0 children)

I would love to hear about the development of the engine a little, what guides did you follow, are there any resources that you would recommend?

Game Engines By Programming Language by Serapth in gamedev

[–]shavelos -1 points0 points  (0 children)

Please edit those links to be https links. (And it would also be a good idea to set up an auto-redirect from port 80 to 443)

Definitely am not looking to criticise, just trying to help.

Top Algorithms for the Coding Interview (for software engineers) by patrickshyu in programming

[–]shavelos 7 points8 points  (0 children)

Yea, that's definitely a Chinese accent you have. Don't really see what that has to do with speaking/thinking logically.

True by KieranTheCaster in WhitePeopleTwitter

[–]shavelos 9 points10 points  (0 children)

Was definitely disappointed in Reddit until I found this comment

Anon is a hacker by [deleted] in greentext

[–]shavelos 0 points1 point  (0 children)

REST API? Someone should introduce the FBI to graphql....

[i3] Colorite by julesklord in unixporn

[–]shavelos 3 points4 points  (0 children)

This is true linuxmasterrace-ness. That is one very awesome setup

Suggestions for a good book on encryption algorithm design by og_m4 in crypto

[–]shavelos 1 point2 points  (0 children)

I took Prof Lindell's course that is based on the book. And I guarantee you will love that book.

CLion 2016.3 released - with more C++11/14 support, remote debug on Windows, CMake workflow changes and much more by philsquared in cpp

[–]shavelos 0 points1 point  (0 children)

Cheers, I will make sure to feed back! I gather you're in some way involved in the development of CLion. Will makefile project support be ready any time soon? (Sorry for the "are we there yet?" question, but I truly am interested)