First time poster here! Let me get straight to it...
I'm currently not in a position that lets me interact with other developers face to face on a regular basis, and I am in need of some "round table" discussion on a project that has been given to me. Let me describe the functional requirements I have in as general terms as possible first:
1) The task charged to me is to investigate, and if possible implement, a system for storing a great many passwords as securely as possible.
2) The purpose of each password does *not* need to be stored in the datastore. There does not need to be a URL, a username, a description or any other associated information in the datastore. The only thing I do need is some kind of unique identifier which could be tied into other data-tracking systems by referencing the ID for a given password in the system. I.e.: sending someone an email instructing them to, "Go look up password number 432 for this." In other words; my current plan is to make the password storage as agnostic as possible. I can implement the tracking of notes, usernames, and purposes in any number of ways: posting in a wiki, writing them down on paper, or saving a Word document. The only thing I really need to lock down good and tight are the passwords themselves.
3) The system must allow multiple, concurrent user "logins" to access/update the stored passwords. There is no need for per-user permissions for subsets of the stored information: any user in the system is allowed to access ALL information stored inside.
4) A high priority is placed on logging all actions performed by each user: including when a certain password is viewed or changed, by which user, and any other available information pertinent to the action.
5) The interface for accessing the passwords (if it is different from the software used for managing the data) should ideally not be locked to a given operating system (meaning I'll likely reject a pre-existing application that only runs in Windows, for example).
6) The system should also preferably be resistant to mass-viewing: it should be impossible (using the given interface at least) to view or modify more than one password at a time, and as difficult as possible to obtain a copy of the datastore file(s) themselves.
7) The last request is that the datastore as a whole must be backed up regularly for redundancy, and hence, the backup format/system utilized must also be as secure as possible.
There it is. This is not at all an easy "problem" to solve, and repeated and varied Googlings have not turned up anything close enough to what I'm looking for. My current line of thinking is not entirely satisfying to me and I need to see if somebody more knowledgeable than myself naturally comes up with a solution I would not have considered-- especially if there's a possibility I'm grossly over-thinking this entire thing.
Anyway, I've tried to keep my description as generic as possible to prevent biasing the reader's own thought process. I'd of course like to hear any thoughts the community has on this. I'd be happy to entertain any existing applications (FOSS or otherwise), as well as suggestions for a "from scratch" implementation. If anyone has questions they need to ask to clarify the problem, I'd be only too happy to answer them.
I'm also eager to share my current ideas for implementing this, but again, I want to see what unique suggestions everyone can come up with first before artificially locking the discussion into any particular category or programming language.
Lastly, I apologize if this is not the correct board to post this under, but as I said I am not currently restricting this project to being a "database project" or a "C++ project", etc. The _method_ of implementation is not as important as the security of the resulting system as a whole. I'm hoping the power of 39,000 other minds can help come up with a more secure, reliable system than just my one can.
Thanks for your time!