This post is more about seeking solutions than providing any. I am building a simple application at home and decided to encrypt some of the data that the application saves. This decision has led me to many questions about how to retrieve a password if the user forgets it. So far I am not too satisfied with the answers. There are many solutions to these questions and perhaps they will all work, but somehow I am not satisfied. Oh! I should add that I am seeking solutions that are restricted to a single computer: no Internet access, no networks, no LDAP, etc. So no handshakes with public and private keys.
In order to encrypt any data I need a key. The key can come from one of two places:
- The user provides a password from which I derive the key.
- The user provides a password with which I encrypt and hide the key.
Let's say I use option 1. The user provides a password and the password itself is the key. Now what if the user forgets the password? How do I help retrieve the password? The application could store the password in a secondary location, but then anyone can retrieve the password from the secondary location, and if the hard drive crashes then even the application cannot retrieve it. I suppose I could tell the user to save this password in another location, but that just seems blah.
If I use option 2 then either:
- I can use a key from a given set of keys, such that at any time the data can be decrypted and re-encrypted using a new password; or
- a key can be generated using some logic that can be repeated to reproduce the key.
There are flaws with these two approaches too:
In the first case, if I had a fixed set of keys from which any one is assigned at the time of installation, then how will I secure these keys? After all, anyone could get to the data once these keys are known. I could encrypt them and put them in a configuration file? Encrypt them in my installer and decrypt and use one of the keys? Well, if I encrypt them, then where do I keep the key that encrypts and decrypts this collection of keys? We seem to have circled back to the original problem.
In the second case, any logic to generate a key can be used for both good and bad reasons, so I don't really see much security here.
Unless I am missing something, the only secure option is for the user to remember their password. If they don't, then they lose their data. Or are there other options?
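To make the two key sources in the post concrete, here is an added Python example (my own illustration, not code from the post's author or application). It shows option 1, deriving the data key directly from the password with scrypt, and option 2, generating a random data key and wrapping it under a password-derived key, which is what makes "decrypt and re-encrypt using a new password" cheap: changing the password only re-wraps the data key and never touches the encrypted data. Python's standard library has no AES, so to stay self-contained the example encrypts with an HMAC-SHA256 counter-mode keystream plus a separate HMAC tag (encrypt-then-MAC); that cipher choice is an assumption for illustration, and a real application should use AES-GCM from the `cryptography` package with the same key-management logic around it. The sample record and passwords are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher for this example only: Python's stdlib has no AES, so data is
# encrypted with a counter-mode keystream from HMAC-SHA256 and authenticated with
# a separate HMAC-SHA256 tag (encrypt-then-MAC). Use AES-GCM in production.
KDF_PARAMS = dict(n=2**14, r=8, p=1)  # scrypt cost; raise n on real hardware


def derive_key(password: str, salt: bytes, length: int = 64) -> bytes:
    """Option 1: turn a password into key material with a memory-hard KDF.

    The salt is not secret and is stored next to whatever it protects.
    """
    return hashlib.scrypt(password.encode(), salt=salt, dklen=length, **KDF_PARAMS)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a 64-byte key: first half encrypts, second half authenticates."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(16)  # fresh per message so the keystream never repeats
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; a wrong key is detected, not silently garbled."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted data")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def wrap_key(password: str, data_key: bytes) -> bytes:
    """Option 2: encrypt a random data key under a password-derived key.

    Returns salt || encrypted data key; the data key itself never hits disk in the clear.
    """
    salt = secrets.token_bytes(16)
    return salt + encrypt(derive_key(password, salt), data_key)


def unwrap_key(password: str, wrapped: bytes) -> bytes:
    salt, blob = wrapped[:16], wrapped[16:]
    return decrypt(derive_key(password, salt), blob)


def password_is_correct(password: str, wrapped: bytes) -> bool:
    """The MAC on the wrapped key doubles as a password check, with no stored password hash."""
    try:
        unwrap_key(password, wrapped)
        return True
    except ValueError:
        return False


def change_password(old: str, new: str, wrapped: bytes) -> bytes:
    """Re-wrap the same data key under the new password; encrypted data is left untouched."""
    return wrap_key(new, unwrap_key(old, wrapped))


if __name__ == "__main__":
    record = b"constructed sample record: balance=42"  # constructed input

    # Option 1: the password-derived key encrypts the record directly.
    salt = secrets.token_bytes(16)
    blob1 = encrypt(derive_key("correct horse", salt), record)
    assert decrypt(derive_key("correct horse", salt), blob1) == record

    # Option 2: a random data key encrypts the record; the password only wraps that key.
    data_key = secrets.token_bytes(64)
    blob2 = encrypt(data_key, record)
    wrapped = wrap_key("correct horse", data_key)
    wrapped = change_password("correct horse", "battery staple", wrapped)
    assert decrypt(unwrap_key("battery staple", wrapped), blob2) == record
    print("both schemes round-trip; password changed without re-encrypting the record")
```

Note what the wrapped-key layout does and does not solve: the wrapped key is only as strong as the password and the KDF cost in front of it, and losing the password still loses the data, since nothing on disk can recover the data key without it. The one thing it buys, relative to option 1, is that the data key can be unwrapped and re-wrapped under a different secret without rewriting every encrypted record.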