Question

I am writing an application, running on a server, where multiple users access data from a database which is AES encrypted with a master secret. The master secret itself is initially randomly generated, and then AES encrypted with a user-secret to yield a 'user-hash'. The master secret is never stored, but the user-hash is stored in a database. When a user enters his user-secret, the user-hash is decrypted to temporarily (on the fly) yield the master-secret, which is used to decrypt the data. The data is then sent to the user.

If a user is deleted, the user-hash is deleted. He may have saved decrypted data, but cannot decrypt further data.

The question is: How safe is the master-secret in this constellation? If the database is compromised, an attacker has access to the user-hash and the encrypted data. If the attacker was a user, he may also have decrypted data. Will he then be able to break the master-secret?

Explanation / Answer

Your master secret is never secure, at least not as you have described it. As a user, I know my private secret. When I use your application, my private secret decrypts the master secret right there in the application. With modest technical skills, I can examine the memory of the process or machine and read the master secret in plaintext any time I wish. I can retain that master secret forever, and the administrator will never know.

To solve this, I expect you are relying on the master secret being secured on a different platform than the one the users are logged into. Your problem has now expanded and shifted to securely communicating the users' secrets to the secure platform. To accomplish that, you need an authentication mechanism. Once you have solved that, there is less need for the double encryption as you have defined it - simply authenticate user access to the platform, and revoke it as needed. The platform can own the master secret if on-disk encryption is desired. The user never has to access it directly.

A different approach is that you can allow users to encrypt data locally (using public key cryptography to encrypt a random AES key) but they can never decrypt it themselves. That job is performed only on the server.
