MorrisB-- / MasterHash

Password manager that allows a user to have an almost infinite amount of passwords while only using their main one.
GNU General Public License v3.0
25 stars 41 forks

Encryption: the whole file or only text in file? #38

Open patanric opened 7 years ago

patanric commented 7 years ago

(this is a discussion, I cannot apply labels to issues)

Passwords and user names have to be stored as securely as possible. What are the pros and cons of encrypting the whole file and decrypting it at login time? What ideas do you have?

rkulesza9 commented 7 years ago

Hi there, I'm new to open source and thought this was a nice simple project to jump into. I think encrypting the whole file is fine - after all, an instance of this program is focused around one user. The amount of data that is being encrypted wouldn't be concerning; I can't see efficiency or overhead or anything else being much of an issue. Java has a nice cryptography library. We could use AES encryption using a salt-and-hash of the application-login data as a key. That would be secure.

joshhazelhurst123 commented 7 years ago

I think we should encrypt the whole file and the text in the files. The user will have to have a password to log into the file. Log in with a username and password for a specific user, e.g. admin, SSmith, BAdams. Only show the passwords to authenticated users. Do not show unnecessary passwords to users who do not have current permissions; admin grants permissions to users, etc. I have used AES password manager. It will be good to have other alternative password manager programs to use, for security reasons of course. You can use different encryption methods, MD5, SHA1, encryption, etc. Pros: more secure, I believe (if you encrypt the file and the password text in the file it will be more difficult to crack). Cons: will use more file space in megabytes. Depending on how far you want to go with this piece of software, cryptography is big business, fingerprint scanners, facial scanners etc.

Eyremba commented 7 years ago

A few suggestions: