Crypto/security-minded people, is what I'm thinking about doing reasonable or hideously insecure?
I want to store user data so it's encrypted at rest, but transparently decrypted upon user access, without them having to go through an explicit decrypt step.
My idea is to use the hash of the user's password (plus a user-specific salt stored in the database) as an AES key to encrypt/decrypt the content I want to keep secret.
When the user logs in, their password is used to derive the encryption key which is stored in a session cookie and used server-side to decrypt/encrypt data that the user reads/writes.
Things my threat model does not include:
1) an attacker sniffing the encryption key in flight (this is mainly for personal use, I can enforce TLS)
2) an attacker breaking into the server and dumping the memory while the de/encryption is being done and the key is in memory
Is this a decent approach, or is there some gaping hole I've overlooked?