Hi,
I was just wondering why you are using AES_ENCRYPT for storing
"passwords" in Invenio. (I say "passwords" as I realise you are actually
storing the e-mail address encrypted with the password).
I'm not an expert on security, but the issue with AES_ENCRYPT is that it
can be *decrypted*(1) whereas a one way hash (e.g. SHA) can't. Also, why
don't you store and encrypt a random number per user rather than use the
e-mail address? This would be *slightly* more secure(2) and avoid the
problem where users must reset their passwords.
Just to be clear, I don't see a potential attack here.
Apologies if you've answered this many times before.
Regards,
Adrian.
1) I realise all decryption would give you is the e-mail address. I
suppose if an attacker for some reason has the encrypted passwords but
nothing else, they can use a dictionary attack to get the e-mails and
log in.
2) I say slightly as it requires the attacker to know the random numbers
rather than just the (possibly public) e-mail. But if they have access
to the DB, they probably have the random numbers.
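The alternative raised in the message above (a one-way hash combined with a random number per user) can be sketched as follows; this is an added example, not Invenio's code and not part of the original message. PBKDF2-HMAC-SHA256, the iteration count, the record format and the function names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000        # assumed work factor for this example
MAX_ITERATIONS = 5_000_000  # refuse absurd costs read back from a stored record
SALT_BYTES = 16


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the value to store for one user: algorithm, cost, salt, digest.

    The salt is the per-user random number; the e-mail address is not an input,
    so nothing in the record can be turned back into an address.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: wrong field count, bad number or bad hex
    if algo != "pbkdf2_sha256" or not salt or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample data: two accounts that happen to share a password.
    users = {
        1: {"email": "a@example.org", "pw": make_record("correct horse")},
        2: {"email": "b@example.org", "pw": make_record("correct horse")},
    }
    print(users[1]["pw"] != users[2]["pw"])        # different salts, different records
    users[1]["email"] = "a.new@example.org"        # record does not depend on the e-mail
    print(verify("correct horse", users[1]["pw"]))
    print(verify("wrong guess", users[1]["pw"]))
```

Storing the cost and salt inside the record lets the work factor be raised later without changing the verification code.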