Score:0

Decrypt one cipher with multiple and independent passwords

ua flag

Consider that an online shop subscribes an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop.

On the subscription area of this external service, the registration form asks about the base url domains where the banner will be published:

companya.com
companyb.org
companyc.net 

The purpose is to create a query string dynamically for the banner url redirect:

service.com?id=VO6Ny3WqBBIdZPufARCV10RPyY6nwQf37V8RClhJIlU

The html code snippet to place the banner would be automatically generated on the client or server side and the form information never stored

When a user clicks the banner, the server (Flask) gets the origin request domain (i.e “companyb.org”) and verifies with the query string if it is an authorized domain.

So:

  • All the provided urls should create a single fixed size cipher.
  • Appending more addresses should not impact on the size of the cipher.
  • Each of the addresses individually should be validated by the shared code (that changes every time that any element of the domain list is added, removed or edited).
  • The “encryption” (hash?) of the domains list should be preferably made on client side.
  • The validation is naturally made server side (python-flask)

It’s all about thinking about managing a CORS policy without any storage since the validation is made on-the-fly solely with the information of the http request envelope.

Moreover, this cipher can also be encrypted by other means.

Any suggestions?

kelalaka avatar
in flag
For the title, Encrypt the File Encryption Key (FEK) with a Key Encryption Key (KEK), now for each user encrypt KEK with their key which is derived from their passwords with a PBKDF.
ua flag
The problem with this approach is that on every encryption of KEK I’ll get one different cipher. Therefore I’ll not get a single cipher that can be decrypted with multiple keys (BKDF derived keys)
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.