Suppose I\'m developing an app to secure a lot of documents. These documents wer

Question

Suppose I'm developing an app to secure a lot of documents. These documents were encrypted (say, using AES) with a key X.

This key X is basically the password that the user enters before wanting to view any particular document, because that doc need to be decrypted using X.

If the user wishes to change the key X to something else (maybe his password got compromised), then he'll have to decrypt all the documents, and then re-encrypt all of them using the new value of X.

What if, instead, I have a key Y, which is used to decrypt/encrypt the documents. However, Y itself is a key that is stored on the system, encrypted using X, which is what the user enters.

I'm thinking that the advantage of this would be when the user wants to change his password, he only needs to decrypt and re-encrypt Y, without having to decrypt/re-encrypt all the documents.

Are there any possible weaknesses that I'm missing with this method, or is it sound?

Explanation / Answer

There is the obvious weakness that if Y ever gets compromized, changing the password will not help. The attacker will be able to decrypt all past and future documents. One way this might happen is if the password gets compromized, and the attacker gains access to the encrypted value of Y.

TrueCrypt volumes work in a similar way. When you create a volume, a master key is created which doesn't change throughout the lifetime of the volume, even if you change the password.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.