Safely storing passwords when access to the plaintext is still needed [duplicate]

Question

Possible Duplicate:
PHP 2-way encryption: I need to store passwords that can be retrieved

I know that the best practice for storing user passwords is to store only an irreversible hash of the password.

However, I am developing an application where I will need to store a user's login information for another web service -- I'll need to periodically log them in and perform some maintenance tasks. Unfortunately, the service doesn't offer authorization tokens so I (very apprehensively) have to store the passwords in a way that I can access their plain-text values. I don't own or control the service to which I am authenticating, and the only method is to 'borrow' a users username and password and authenticate.

I am planning to AES_ENCRYPT the passwords in the DB, which means that if somebody is somehow able to access the DB they won't be able to get the plaintext. However my code will need to have access to the key to unencrypt them, thus if the entire server is compromised this is no protection and the passwords will be revealed.

Aside from the above-described encryption, are there any best practices or steps I can take to do this as safely as possible?

EDIT

I know that whatever I do, ultimately the passwords must be accessible in plaintext and so a compromised server means the passwords will be revealed, but I am wondering what steps I can do to mitigate my risk. E.G. encrypting the DB protects me in the situation where the DB is compromised but not the entire server. Other similar mitigating steps would be much appreciated.

Answer 1

However, I am developing an application where I will need to store a user's login information for another web service -- I'll need to periodically log them in and perform some maintenance tasks.

OK... I read through the answers and the comments, and about all I can say is I hope you have crack legal team. It sounds to me like the service you are offering is predicated on user trust. It's good that it's a user-controlled switch, and not something being helpfully done behind their backs, but I think you want a really iron clad service agreement on this.

That said, there's a lot of security paranoia you can invoke. You'll have to figure out how much you want to go through based on the harm to your product, your company and users if a break in occurs. Here's thoughts:

• Data storage - store the passwords far away from where an attacker can get in. Highly access controlled files, a database on a back end machine, etc. Make any attacker have go to through layers of defense just to get to the place the data is stored. Similarly have network protection like firewalls and up to date security patches. No one thing works in isolation here.
• Encryption - any encryption technique is a delaying tactic - one the attacker has your data, they will eventually crack your encryption given an infinite amount of time. So mostly you're aiming to slow them down long enough for the rest of the system to discover you've been hacked, alert your users, and give the users time to change passwords or disable accounts. IMO - either symmetric or assymetric cryptography will work - so long as you store the key securely. Being a PKI person myself, I'd lean towards assymmetric crypto just because I understand it better and know of a number of COTS hardware solutions that make it possible to store my private key extremely securely.
• Key storage - your encryption is only as good as your key storage. If the key is sitting right next to the encrypted data, then it stands to reason that the attacker doesn't need to break your crypto, they just use the key. HSM (hardware security modules) are the high end choice for key storage - at the upper ranges these are secure boxes that are tamper proof which both hold your keys and perform crypto for you. At the low end, a USB token or Smart Card could perform the same function. A critical part of this is that ultimately, it's best if you make an admin activate key access on server startup. Otherwise, you end up with a chicken and egg scenario as you try to figure out how to securely store the ultimate password.
• Intrusion detection - have a good system in place that has a good chance of raising alarms if you should get hacked. If your password data is compromised, you want to get the word to your users well ahead of any threat.
• Audit logging - have really good records of who did what on the system - particularly in the vicinity of your passwords. While you could create a pretty awesome system, the threat of privileged users doing something bad (or dumb) is just as bad as external threats. The typical high end auditing systems track high privilege user behavior in a way that can't be viewed or tampered with by the high privilege user - instead, there's a second "auditor" account that deals only with audit logs and nothing else.

This is a highlight of the high points of system security. My general point is - if you are serious about protecting user passwords, you can't afford to just think about the data. Just encrypting the passwords is not likely to be enough to really protect users and safeguard trust.

The standard way to approach this is to consider the cost of explotation vs. the cost of protection. If both costs are too high for the value of the feature, then you have a good indication that you shouldn't bother doing it...