Posted by Cord-Heinrich Pahlmann on 01/05/07 14:45

Peter Fox schrieb:

> I haven't quite understood the details of your scheme. What exactly are
> you trying to encrypt and why? What's the point of the second part? -
> The words "decrypting stored passwords" alarms me.

Who doesn't know the problem. You want to create a thread in a forum or
a blog and have forgotten your login-data. Thats where my script is
supposed to help (me and some friends).
The script generates the login-formular of the forum or blog and
automatically fills in your login-data (username and password) and
POSTs the data to the remote site.
That is why I store crypted passwords in my DB.
Since I don't want to be ABLE to decrypt any passwords from my friends
I use following schema:
The crypted passwords are in the DB. To decrypt these passwords you
need a KEY. This Key is also crypted in the DB. Only the cleartext
password of the user (loginpassword for my page) can decrypt that KEY.
So I make three steps in order to decrypt a login-password for a forum.
User goes to my page -> Logs in -> the clear-text pass decrypts the KEY
(user dependent) -> the KEY can decrypt any of the users forum or
blog-passwords.

Is that understandable. I can't to better with my english skills, sorry.

[Back to original message]