Thread: Secure way to store passwords.

  1. #1
    Fanatic Member
    Join Date
    Sep 05
    Posts
    520

    Secure way to store passwords.

    I want to create a script that will securely store passwords, to create a sort of... password database.

    Basically, a user will have a list of passwords that they can either read, write, and share with other users on the script.

    My question is, how can I store passwords in the database that the script can't decrypt unless a user is logged in with the credentials, so that if a hacker got hold of the database and the script, they couldn't reverse engineer it and decrypt the passwords that are stored in it?

    I know that I can encrypt text easily based on a user's password, but the problem I keep running into is what happens when there's multiple users with different passwords all trying to decrypt it.

    I'm not asking for someone to write this for me. Just asking how I can get around this problem.

    Here's a simple version of the database that the script will have:

    USERS
    userID (Primary Key, Unique, Index)
    userName (Text, user uses to login with)
    userLoginPassword (Text, MD5 hash of the password the user logs in with. Not to be confused with the passwords table (Yes, I know MD5 is not secure... just for testing).)

    PERMISSIONS
    permissionID (Primary Key, Unique, Index)
    passwordID (ID of the password)
    userID (ID of the user)
    permissionLevel (Permission level a userID has for this passwordID, will be like 0-no access, 1-read only, 2-write, 3-share, etc)

    PASSWORDS
    passwordID (Primary Key, Unique, Index)
    passwordText (The password that's being stored, and encrypted).
    passwordComment (Just comments for the password).

  2. #2
    PowerPoster techgnome's Avatar
    Join Date
    May 02
    Posts
    21,636

    Re: Secure way to store passwords.

    Don't use encryption (which is generally two way) ... use a hash instead... Hashes are one-way. And when salted, become a little more difficult to figure out.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.-I also subscribe to all threads I participate, so there's no need to pm when there's an update.*
    *Proof positive that searching the forums does work: View Thread *
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *
    * Use Offensive Programming, not Defensive Programming. * On Error Resume Next is error ignoring, not error handling(tm).
    "There is a major problem with your code, and VB wants to tell you what it is.. but you have decided to put your fingers in your ears and shout 'I'm not listening!'" - si_the_geek on using OERN

  3. #3
    Freelancer akhileshbc's Avatar
    Join Date
    Jun 08
    Location
    Trivandrum, Kerala, India
    Posts
    7,557

    Re: Secure way to store passwords.

    You could use hashing and store only the hashed value of the password in the database. Hashing is one-way. There are some builtin hashing functions like md5() & sha1(). But they aren't the best. You could use crypt() function, doing a sha256 or sha512, which would be more secure.

    Always remember to avoid storing the password in its raw form. Instead store its hash value only.


    If my post was helpful to you, then express your gratitude using Rate this Post.
    And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video)
    My system: AMD Athlon X2 5200+, ASUS Motherboard, 2 GB RAM, 400 GB HDD, Nvidia 8600 GT 512MB, 19.5" TFT(Wide), Creative 5.1 Home Theater

    Social Group: VBForums - Developers from India

    Skills: PHP, MySQL, jQuery, VB.Net, VB6, Photoshop...
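
The salted hashing suggested in posts #2 and #3, applied to the `userLoginPassword` column from post #1, as an added example that is not part of any post in the thread. It uses `crypt()` in SHA-512 mode and upgrades a legacy MD5 row on the next successful login; the function names and the rounds value are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

function makeSalt(): string {
    // 12 random bytes -> 16 base64 chars; crypt() salts allow "./0-9A-Za-z".
    return strtr(base64_encode(random_bytes(12)), '+', '.');
}

function hashLoginPassword(string $password): string {
    // "$6$" selects SHA-512 crypt; rounds (illustrative value) slows guessing.
    return crypt($password, '$6$rounds=100000$' . makeSalt() . '$');
}

function isLegacyMd5(string $stored): bool {
    return strlen($stored) === 32 && ctype_xdigit($stored);
}

// Returns [loginOk, valueToStore]; a legacy MD5 row is upgraded on success.
function verifyLogin(string $password, string $stored): array {
    if (isLegacyMd5($stored)) {
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? hashLoginPassword($password) : $stored];
    }
    // crypt() re-reads the algorithm, rounds and salt from the stored string.
    return [hash_equals($stored, crypt($password, $stored)), $stored];
}

// Constructed sample values.
$a = hashLoginPassword('correct horse');
$b = hashLoginPassword('correct horse');
var_dump($a !== $b);                            // two salts, two stored strings
var_dump(verifyLogin('correct horse', $a)[0]);  // right password
var_dump(verifyLogin('wrong', $a)[0]);          // wrong password
[$ok, $upgraded] = verifyLogin('correct horse', md5('correct horse'));
var_dump($ok && !isLegacyMd5($upgraded));       // MD5 row replaced after login
```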

  4. #4
    Fanatic Member
    Join Date
    Sep 05
    Posts
    520

    Re: Secure way to store passwords.

    I should have mentioned that the encryption needs to be reversible.

    Basically, this database is for storing say, root passwords into a database. Only certain people should be able to view certain stored passwords.

  5. #5
    PowerPoster techgnome's Avatar
    Join Date
    May 02
    Posts
    21,636

    Re: Secure way to store passwords.

    personally passwords should never be reversible... that's how sites get hacked.

    the most secure way to store passwords is to not store them in the first place.

    -tg

  6. #6
    Fanatic Member
    Join Date
    Sep 05
    Posts
    520

    Re: Secure way to store passwords.

    Yeah, but this is a good way to manage who can see which passwords, and to easily update changed passwords across a team. If a password is leaked from a "bad apple", it can be changed, the "bad apple" removed, and the rest of the team updated.

    If this is not possible then I will look into some sort of compromise (Such as encrypting the filesystem of the database... or something).
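
One way to meet the requirement from posts #1, #4 and #6 (reversible storage that several users with different login passwords can open, but the script alone cannot), as an added example that is not part of any post in the thread. It assumes PHP 7.2+ with the sodium extension; the function names and array keys are hypothetical, and the `wrappedKey` value would be an extra column on the PERMISSIONS table.

```php
<?php
// Added example; names and array keys are hypothetical, not from the thread.

function deriveKey(string $password, string $salt): string {
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}

// USERS row: public key in the clear, keypair locked under the login password.
function createUser(string $loginPassword): array {
    $keypair = sodium_crypto_box_keypair();
    $salt    = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $locked  = sodium_crypto_secretbox($keypair, $nonce, deriveKey($loginPassword, $salt));
    return ['publicKey' => sodium_crypto_box_publickey($keypair),
            'salt' => $salt, 'nonce' => $nonce, 'lockedKeypair' => $locked];
}

// At login: returns the keypair, or false when the password is wrong.
function unlockKeypair(array $user, string $loginPassword) {
    $key = deriveKey($loginPassword, $user['salt']);
    return sodium_crypto_secretbox_open($user['lockedKeypair'], $user['nonce'], $key);
}

// PASSWORDS row: the secret is encrypted once under a random data key.
function storeSecret(string $plaintext): array {
    $dataKey = sodium_crypto_secretbox_keygen();
    $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $row     = ['nonce' => $nonce,
                'passwordText' => sodium_crypto_secretbox($plaintext, $nonce, $dataKey)];
    return ['dataKey' => $dataKey, 'row' => $row];
}

// PERMISSIONS.wrappedKey: data key sealed to one user's public key, so a
// grant can be written without knowing the recipient's login password.
function grantAccess(string $dataKey, string $recipientPublicKey): string {
    return sodium_crypto_box_seal($dataKey, $recipientPublicKey);
}

function readSecret(array $row, string $wrappedKey, $keypair) {
    if ($keypair === false) return false;              // login password was wrong
    $dataKey = sodium_crypto_box_seal_open($wrappedKey, $keypair);
    if ($dataKey === false) return false;              // grant is not for this user
    return sodium_crypto_secretbox_open($row['passwordText'], $row['nonce'], $dataKey);
}

// Constructed demo values.
$alice  = createUser('alice-login-pw');
$bob    = createUser('bob-login-pw');
$secret = storeSecret('example-root-password');
$grant  = grantAccess($secret['dataKey'], $bob['publicKey']);
var_dump(readSecret($secret['row'], $grant, unlockKeypair($bob, 'bob-login-pw')));
var_dump(readSecret($secret['row'], $grant, unlockKeypair($alice, 'alice-login-pw')));
```

A database dump plus the script source yields only ciphertext, sealed data keys and password-locked keypairs. Deleting a PERMISSIONS row stops future reads but does not take back a secret the user has already seen, which is why the stored password itself is changed when someone is removed, as post #6 describes.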

  7. #7
    Freelancer akhileshbc's Avatar
    Join Date
    Jun 08
    Location
    Trivandrum, Kerala, India
    Posts
    7,557

    Re: Secure way to store passwords.

    Like tg said, for passwords, hashing is the best thing.

    Otherwise, if you need encryption/decryption have a look at mcrypt. You can encrypt as well as decrypt using it.

    Hope it might help

