[ https://issues.apache.org/jira/browse/DELTASPIKE-1250?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Struberg updated DELTASPIKE-1250:
--------------------------------------
Description:
For storing passwords in our configuration I'd like to implement a 2-stage
approach to symmetric encryption.
The current idea is to have an encrypted hash derived from a master password
and machine specific information (MAC, IP, expiry date, etc).
This encrypted sequence is different on every box. But the decrypted hash is
not.
With this hash we can encode a user password, which is then ofc the same on
different boxes.
Of course all that is just security by obscurity, but it's still much better
than plaintext and even close to Hashicorp Vault.
After all, the only really secure way is using a hardware crypto box plus the
user has to manually provide a password and not using static passwords but
1-time consumable tokens.
was:
For storing passwords in our configuration I'd like to implement a 2-stage
approach to symmetric encryption.
The current idea is to have an encrypted hash derived from a master password
and box-locale information (MAC, IP, expiry date, etc).
This encrypted sequence is different on every box. But the decrypted hash is
not.
With this hash we can encode a user password, which is then ofc the same on
different boxes.
Of course all that is just security by obscurity, but it's still much better
than plaintext and even close to vault.
After all, the only really secure way is using a hardware crypto box plus the
user has to manually provide a password and not using static passwords but
1-time consumable tokens.
> create a master/client encryption handling
> ------------------------------------------
>
> Key: DELTASPIKE-1250
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-1250
> Project: DeltaSpike
> Issue Type: New Feature
> Components: Configuration
> Affects Versions: 1.7.2
> Reporter: Mark Struberg
> Assignee: Mark Struberg
> Fix For: 1.8.0
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
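The two-stage scheme sketched in the issue, as an added illustration that is not DeltaSpike code: stage 1 derives an inner key from the master password alone (identical on every box), stage 2 wraps that key under a key bound to machine-specific data (so the stored blob differs per box), and the unwrapped inner key then encrypts the actual configuration password. PBKDF2 and AES-GCM, the fixed salt, and the machine-info string layout are assumptions made for the example.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class TwoStageSecret {
    // Stage 1: the inner key depends only on the master password (plus a fixed,
    // constructed salt), so it is the same on every machine.
    static byte[] deriveKey(char[] secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // AES-GCM with a random 12-byte IV prepended; used for both the wrapping
    // of the inner key and the encryption of the configuration value.
    static byte[] seal(byte[] key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] open(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "deltaspike-example-salt".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] inner = deriveKey("master-secret".toCharArray(), salt);
        // Stage 2: machine data (MAC|IP|expiry, constructed values) keys the wrapping of
        // the inner key; the two blobs differ although they protect the same key.
        String boxA = "00:11:22:33:44:55|10.0.0.5|2025-12-31", boxB = "66:77:88:99:aa:bb|10.0.0.6|2025-12-31";
        byte[] wrappedA = seal(deriveKey(boxA.toCharArray(), salt), inner);
        byte[] wrappedB = seal(deriveKey(boxB.toCharArray(), salt), inner);
        // The configuration password is encrypted under the shared inner key only once.
        byte[] dbPassword = seal(inner, "s3cr3t-db-pw".getBytes(StandardCharsets.UTF_8));
        // On box A: unwrap with the local machine data, then decrypt the configuration value.
        byte[] innerOnA = open(deriveKey(boxA.toCharArray(), salt), wrappedA);
        System.out.println(Arrays.equals(inner, innerOnA) + " " + !Arrays.equals(wrappedA, wrappedB)
            + " " + new String(open(innerOnA, dbPassword), StandardCharsets.UTF_8));
    }
}
```

As the issue itself notes, whoever can read the master password and the machine data on a box can recover the inner key, so this bounds exposure to a compromised host rather than replacing a real secret store.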