FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » User Encrypted Content
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
User Encrypted Content [message #26315] Wed, 13 July 2005 16:43 Go to next message
defa is currently offline  defa   Germany
Messages: 14
Registered: July 2005
Karma: 0
Junior Member
Hi!

Wouldn't it be a great feature to implement something like user AES encrypted content tables? I thought about using a database function like described here:

http://dev.mysql.com/doc/mysql/en/encryption-functions.html

to encrypt alle personal Data of Users and usergroups (like personal messages Forum Content etc.) - especially Personal Message encrypting would be easy to implement.

One could easily use the password hash of the user as an password for the AES function. It would enable true privacy an even administrator couldn't easily read the private data of users.

And - maybe an even bigger advantage - people accessing the Database not authorized (like by SQL Injections etc.) wouldn't have the chance to read out password hashes or personal data.

What do you think about that? I think that would be a hot feature and IMHO fudForum would be the first to have it.

bye
defa
Re: User Encrypted Content [message #26316 is a reply to message #26315] Wed, 13 July 2005 17:02 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
It would make the forum too slow, it is database specific and version specific in addition to that. Plus given access to the DB the attacker could use the same password has to steal the data.

FUDforum Core Developer
Re: User Encrypted Content [message #26317 is a reply to message #26316] Wed, 13 July 2005 17:15 Go to previous message
defa is currently offline  defa   Germany
Messages: 14
Registered: July 2005
Karma: 0
Junior Member
I think the problem of speed could be solved by more power - or using PadLock an Hardware Accellerator for AES.

If you'd store the users Password hash AES encrypted und use the md5(user-input) as password to decrypt the password hash it would be diffcult for the attacker to steal the hash because it isn't stored in clear anywhere.

The point is - that in my eyes - it is a truly good feature. I am hosting a fudForum with about 400 users myself providing certain privacy. I would invest in AES Accellerating Hardware to make the Forum work good - if there would be forum the would support it.

But I understand if you don't want to implement such a feature as maybe there aren't enough people who actually need it. Probably I'll give it a try an patch a fudForum myself to see wether the idea works.

bye
defa
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Merge Topic Control Panel
Next Topic: Trash bin
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 22:38:15 GMT 2024

Total time taken to generate the page: 0.01948 seconds