Guest Joseph M. Newcomer, posted June 28, 2009

I have found a reference to a concept called "reversible" passwords, that is, instead of storing the hash of a password, an encryption of the password is stored instead. I have a client that has a need for this feature. The problem is that although there are references to it, there is no discussion about how one gets the password from the database where passwords are kept, and decrypts it.

Please, I do NOT want a lengthy discussion about why reversible passwords are a Bad Idea, or why getting the plaintext of a password is a Bad Idea. I, and a client I have, *understand* these issues. If it helps, the context is a system service running on a physically secured server that has to log a child process in as another (more restricted) user.

What I'm looking for here is the *technology* involved: how to select the use of reversible passwords, and how to get the plaintext back for one, given a specific user name.

DO NOT bother to explain to me about security. I understand the issues. What I don't understand is one specific technological path to implement one specific solution in one specific restricted context, which has been evaluated by a client as being an acceptable and necessary situation. Because of NDA, I cannot get into specific details of who, why, what, etc. Assume we have addressed all the relevant security issues of the plaintext password problem and have done appropriate risk management in the context of the problem domain. Now we need the APIs involved to obtain the password.

(Note that none of this would be an issue if there were existing Trusted Computing Base implementations, but we have to deal with Reality As It Is.)

If you have a solution and don't want to post it for public visibility, you can send me private email on the topic.

TIA
joe

Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm