enhancement: support changing password

[arolson101]

Currently you take the user password, pass it through pbkdf2, then use the result as the encryption key. If you were to instead use the result to encrypt/decrypt a buffer containing the key, then you could change the password trivially.

[calvinmetcalf]

hm not a bad idea

…

On Sat, Dec 3, 2016 at 11:03 AM arolson101 ***@***.***> wrote: Currently you take the user password, pass it through pbkdf2, then use the result as the encryption key. If you were to instead use the result to encrypt/decrypt a buffer containing the key, then you could change the password trivially. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#42>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABE4n-5WRl1uqQcWu3e7eW3h9z3SDuj2ks5rEZK3gaJpZM4LDVdO> .

[arolson101]

you could also use this to easily validate whether the password is correct

[calvinmetcalf]

you get an error about being unable to decrypt when that happens now, because you never actually know if it's because somebody modified the db or your password is wrong

[garbados]

Hey, just checking in here. Changing passwords is an inevitable part of working with passwords, so I'm certainly interested in implementing this in crypto-pouch. Could y'all explain it to me again?

[arolson101]

Create a random db encryption key (dbkey). User provides key (ukey). Use ukey to encrypt dbkey (edbkey), store it separately from the db itself.

When opening db, get ukey from user, get edbkey from store, use ukey to decrypt edbkey to get dbkey and use it for db. If the decryption fails it’s because you have the wrong key- no cryptic message.

To rekey the db, just get a new ukey, re-encrypt dbkey with it and overwrite the stored edbkey.