8

I'm currently planning the development of a PHP application that shall require user passwords for external services to be stored so that they can be logged into simultaneously when the user logs into my application.

I shall need to store passwords in a secure, i.e. not plain text, and not base64 encoded but that shall also need to be accessible as plain text by the application, one way or another.

I've only been able to think of something like the following:

When a user adds their credentials for the external service to their account, they re-enter their password for my application and that (in an encrypted form) is used to 'encrypt' the password for the external service somehow, but in a way that makes it accessible still.

Does anyone have any thoughts on if this is possible, or a potential solution?

Thanks

Also: it's worth noting that it will be an SSL connection that the data is sent over.

Out of curiosity: Say for example; Google Mail, you can add email accounts to your Google Mail account so that all of them are checked. Does anyone have any thoughts on how Google store the passwords for the accounts you add?

Improve this question
4
  • 1
    Do you accept initially the credentials? Commented Nov 21, 2012 at 16:24
  • Yes, the credentials used for the external services would initially be entered by the user when they add it to their account on my application. Commented Nov 21, 2012 at 16:25
  • The users login to your app with external passwords? or with passwords from your app? Commented Nov 21, 2012 at 16:27
  • With the passwords from my app. Commented Nov 21, 2012 at 16:32

7 Answers 7

Reset to default
7

The problem with this in general, is if your system is every compromised, the attacker can get all the passwords for all the systems, because they are encrypted and not hashed. There is no way around this, since you want to be able to get the plain-text passwords.

If you must do this, you can use something well trusted like OpenSSL to encrypt the passwords.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

From a securities stand point, you really should never store a password anywhere. I would have the user enter their password md5 their password and store that. So when he authenticates its authenticated vs the md5. As for the externals. You could take the external password and XOR the external password with the stored md5. That way you could undo it to pass it to the external source. Or the better way would be to ask for the password every time for the externals. This is a choice of risk vs convenience.

Improve this answer

1 Comment

The passwords for my application would be stored using (most likely) blowfish encryption. This could of course be checked against easily, which is the point I guess. The general idea of your answer is what I was thinking, somehow the user's password for my service being used to 'undo' the encryption of the password for the external service.
1

Well, you may encrypt the passwords by user's own password (not storing it anywhere), and just ask for it every time the communication is being made, this way the passwords are probably safe.

Improve this answer

6 Comments

By this do you mean, they would enter the password for my application, or the external service every time?
For your application. Their password for your application is the key used to encrypt/decrypt the external service's password. But if the user forgets their password, all the encrypted passwords will be lost.
Well, say there would be a 'forgotten your password' feature. This would mean all of the passwords for their external accounts would need to be re-entered, and then re-encrypted with the new password as the key, the same applies for if the user were to change their password I suppose.
If the user changes their password, you could just do a mass decryption on the old password & mass encryption on the new password.
Very true, that makes a lot more sense.
|
1

GAH... I wish everyone would just standardise on keys:

<?php $connection = ssh2_connect('shell.example.com', 22, array('hostkey'=>'ssh-rsa')); $sth = $dbh->prepare('select keyLoc from auth where username = :user'); $sth->bind_param('user', 'username'); $key = $sth->fetch(PDO::FETCH_ASSOC); if (ssh2_auth_pubkey_file($connection, 'username', $key, '/home/username/.ssh/id_rsa', 'secret')) { echo "Public Key Authentication Successful\n"; } else { die('Public Key Authentication Failed'); } ?>

It would make life so much easier. Just copy your public key everywhere and keep your private key on you.

Improve this answer

Comments

1

What you should do instead is to use Oauth - safer and also much more user friendly when it's implemented correctly.

Zend oauht client

Improve this answer

Comments

0

You can use php mcrypt, see relevant question here. Or if you prefer to encrypt/decrypt server side mySQL has a AES encrypt function.

Improve this answer

Comments

0

You might use something like PKIF (specifically PKIFCRYPTO) and NSS or MS-CAPI. It's not for the faint of heart, but you'll want to demonstrate a certain degree of competence to the users who decide to trust you with their credentials.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.