0

At the moment, I am struggling on a question to which I have not found a good answer so far. I wan't to create a password manager, which will be used by a lot of people.

Used languages: PHP / Javascript (don't think JS should be used for any security-related things tho)

My concept so far:

  • Only (Framework-)Admins can assign rights
  • Access and/or write permissions can be assigned to:
    • User-groups
    • Single users
  • Anyone can create an entry, insofar as he has rights to the manager himself and then for the particular point he can see. (tree-structure)
  • Each entry is created as follows:
    1. The key consists of a salt, which is hashed with sha256.
    2. I chose "aes-256-cbc" as encryption method.
    3. The "IV" is randomly generated with "openssl_random_pseudo_bytes".
    4. Then I use the function "openssl_encrypt" to get the password-hash.
    5. After that I use the function hash_hmac (sha256 again), to generate the hash, which will be stored in database.

But now I face the following problem that, as soon as someone gets access to the php-files, all passwords would be compressed.

That's why I've considered the following:

I would like to encrypt each password additionally with the user password of the respective user. Although this would mean that each password must be created/stored x times, but this is not a problem.

The fact that the password can only be read out with the previous entry of the user password is not a problem, but desired. However, this would mean that the access right to a password can only be assigned by an administrator who has already "unlocked" this entry. But since passwords can also be created by other administrators, or even by users, this would mean that in order to encrypt these passwords, each user who wishes to have access ( which admins anyway have by default) needs at the same time the creator's (or a person who already has this entry) presence as well as his or her own to decrypt and re-encrypt the entry.

Well, theoretically I could also take the stored hashes of the user passwords from the database, but that would get me back to the point that once someone has file-level access, all passwords would be compromised.

Is there a good and reliable alternative for this? On the one hand, it would be a master password that has to be known by a creator in order to create an entry with which an entry is then stored initially. But that would be the unpleasant alternative.

Maybe something like a certificate or similar. I am thankful for any advice.
Thanks in advance!

Improve this question
4
  • 1
    as usual in security design, I think the important question is - what's your threat model? In particular, who is it who you think might get access to the php files? Are we worried about malicious administrators? Is it plausible in your setup for someone to get read access to the files but not write?
    – Silver
    Commented Sep 28, 2019 at 16:14
  • 1
    I think you should make yourself more familiar with asymmetric cryptography. If each user has a public key (known to all) and a private key (known only to the user) everybody could encrypt a password for another user (with the help of the public key) but only the user itself could decrypt it. If each private key is kept local to the owner it does not matter if anybody has access to the encrypted files or the public keys - this will not be enough to get access to the secrets. I'm pretty sure that such systems exists already though.
    – Steffen Ullrich
    Commented Sep 28, 2019 at 16:59
  • On the one hand, there are the employees, who could gain access to data they should not have, due to the fact that they access database or smiliar. Should not happen, but that'd be a risk, which I would like to exclude. On the other hand, this system is externally accessible and possible security vulnerability should not provide the opportunity to get access to files. Last but not least there are the servers that could be hijacked by possible security vulnerabilities. Security measures are being taken against all these risks, but I do not want to save on overhead and rely on other measures.
    – spyro95
    Commented Sep 28, 2019 at 17:02
  • @SteffenUllrich I have already come up with this idea, but I'm not sure if this possibility also finds enough "understanding", because of course some, but not all, users are so familiar with IT. I'm currently trying to narrow the gap between UI and security. Also the manager should be usable from the road or from the smartphone, which could make it difficult for some.
    – spyro95
    Commented Sep 28, 2019 at 17:05

1 Answer 1

Reset to default
2

If I understand correctly, PHP is only ever executed server side. If I’m correct in that, then high value user secrets are going to be transmitted to your server even if encrypt them right after you get them.

At this point I should disclose that I work for a popular password manager, but I’m not trying to discourage competition. But I do recommend that you look at how other password managers work. Some of us document how we do things and why. I’m not telling you not try to build a password manager, but to understand that it is much harder than you might think.

I confess to having not taken close look at your design, as I stopped at PHP, but I also see your mention of CBC mode encryption. While there are legacy systems that still do so today, you should not design anything with an unauthenticated mode, particularly CBC.

Improve this answer
3
  • Thank you, for your detailed and honest answer. This is not a competitor here, but a company-internal product that should be used only for employees of this small company. We could use an existing password manager, but would like to dispense with third-party products, as it will run on our internal, self-written framework. Could you give me some food for thought, especially with regard to the encryption method?
    – spyro95
    Commented Sep 29, 2019 at 12:54
  • But yes, PHP can not be avoided in this case, unfortunately, and the password must, at least for a brief moment, reach the server unencrypted - insofar as you do without Javascript - and then be encrypted there. Since these are actually company passwords that an employee creates and stores on behalf of the company, it is less about user secrets than company data.
    – spyro95
    Commented Sep 29, 2019 at 12:57
  • "But yes, PHP can not be avoided in this case, unfortunately" In that case you are building a password manager that is fundamentally less secure than a number of free and commercial options already out there. Please reconsider your entire approach, including its necessity.
    – Jeffrey Goldberg
    Commented Apr 4, 2020 at 20:25

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .