www.webdeveloper.com

Thread: Is encrypting sensitive files worth it?

  1. #1
    Join Date
    Nov 2010
    Posts
    67

    Is encrypting sensitive files worth it?

    Let's assume you have sensitive files that are being uploaded with PHP and you are using a 'secure' encryption method that cannot be decrypted without the key. But here is the issue I have:

    My sensitive files are on the server (Windows). My key to decrypt them is also on the server. So in theory, any hacker that can get access to my filesystem would be able to get to any encrypted or decrypted files, since he would be able to access the decryption key.

    The only advantage to encryption in this case is if only the files or only the encryption key is taken. Otherwise a determined hacker could access any file with a little bit of work.

    Am I missing something? Any way to get around this? Seems this is a hopeless situation and encryption does nothing to protect against this. Only way I can think to minimize the risk is to store the decryption key on a second server, and hope the hacker doesn't get the contents of the second server.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,321
    If the files are encrypted prior to uploading, then the advantage would be that a "man in the middle" attack that might be able to intercept the file transfer would not have the key, though if using HTTPS, I'm not sure if that's overkill or not -- depends on the sensitivity of the data and the strength of the encryption. In any case, every additional layer of security helps, if just to make the idly inquisitive hacker (as opposed to one specifically targeting you for some reason) go look for easier pickings.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Dec 2012
    Posts
    4
    why don't you encrypt the key on the server as well ?!

  4. #4
    Join Date
    Nov 2010
    Posts
    67
    Quote:
    If the files are encrypted prior to uploading, then the advantage would be that a "man in the middle" attack that might be able to intercept the file transfer would not have the key, though if using HTTPS, I'm not sure if that's overkill or not -- depends on the sensitivity of the data and the strength of the encryption. In any case, every additional layer of security helps, if just to make the idly inquisitive hacker (as opposed to one specifically targeting you for some reason) go look for easier pickings.

    I decided to implement it anyway. I figure if we get hacked or audited it will be a lot better than nothing. I also used two servers for the key. I am using an IIS site on our domain controller to store part of the key, so if a hacker were to gain 100% of the content on our web server then in theory he would only have half of the key to decrypt any files.

    Quote:
    "why don't you encrypt the key on the server as well ?!"

    That does not work. If the key is encrypted, then the key to decrypt the key needs to be stored on the server, so you run into the same problem. These files are accessed by many different users, so it's not like I can use their key to decrypt/encrypt the file.

    One crazy idea I had though, for a future implementation, was something along the lines of this:
    Each user uses their own password to encrypt/decrypt a secret hidden shared global password. Then it's that global secret password that's used to decrypt/encrypt the files. Some interesting points about this method:
    - the key is only ever stored in session vars which can be encrypted/decrypted only with a key the user has in a cookie (and if you wanted, this could be half of the keyfile with the other half on another server)
    - since users need to log in and give their passwords to access the system, it would require no extra additional steps for them.
    - when users change the password (LDAP for example) they would need to provide their old password on their first login so the secret keyfile can be re-encrypted with the new password.
    Last edited by ZeratulsDomain; 12-12-2012 at 10:22 AM.
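
The per-user wrapping idea from post #4, sketched as an added example (not code from the thread or from any poster). It assumes PHP 7.2+ with the sodium extension; the function names and record layout are hypothetical, and Argon2id plus secretbox are choices made here, not algorithms named in the thread.

```php
<?php
// Added example: one shared file key, stored only as per-user wrapped copies.
// Function names and the record layout are hypothetical.

function kek_from_password(string $password, string $salt): string {
    // Argon2id output used as a key-encryption key (KEK).
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Returns the record stored per user: salt, nonce and the wrapped file key.
function wrap_file_key(string $fileKey, string $password): array {
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $kek   = kek_from_password($password, $salt);
    $wrapped = sodium_crypto_secretbox($fileKey, $nonce, $kek);
    sodium_memzero($kek);
    return ['salt' => $salt, 'nonce' => $nonce, 'wrapped' => $wrapped];
}

// Returns the file key, or null if the password is wrong or the record was altered.
function unwrap_file_key(array $rec, string $password): ?string {
    $kek = kek_from_password($password, $rec['salt']);
    $key = sodium_crypto_secretbox_open($rec['wrapped'], $rec['nonce'], $kek);
    sodium_memzero($kek);
    return $key === false ? null : $key;
}

// Password change: the old password is needed to recover the key first.
function rewrap_file_key(array $rec, string $old, string $new): ?array {
    $fileKey = unwrap_file_key($rec, $old);
    return $fileKey === null ? null : wrap_file_key($fileKey, $new);
}

// Constructed demo values, not real credentials.
$fileKey = sodium_crypto_secretbox_keygen();   // the shared "global" key
$alice   = wrap_file_key($fileKey, 'alice-old-pass');
$bob     = wrap_file_key($fileKey, 'bob-pass');

var_dump(unwrap_file_key($alice, 'alice-old-pass') === $fileKey);
var_dump(unwrap_file_key($bob, 'bob-pass') === $fileKey);
var_dump(unwrap_file_key($alice, 'wrong-guess'));
$alice = rewrap_file_key($alice, 'alice-old-pass', 'alice-new-pass');
var_dump(unwrap_file_key($alice, 'alice-new-pass') === $fileKey);
```

With this layout the disk holds only wrapped copies of the file key, so a copy of the filesystem alone does not yield it; the key exists in the clear only in memory while a logged-in user's request is being served.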

  5. #5
    Join Date
    Dec 2012
    Posts
    4
    Quote Originally Posted by ZeratulsDomain View Post
    "why don't you encrypt the key on the server as well ?!"
    That does not work. If the key is encrypted, then the key to decrypt the key needs to be stored on the server.
    that was a joke.
