MyBB Community Forums

Full Version: Encrypt Emails in the Database
Hello people. Good Morning!

I would like to suggest a small(?) change in the handling of emails from the database. In general, we worry a lot about passwords, but we forget that addresses can also be protected. Using an XOR algorithm would not be very costly in terms of processing and would still allow emails to continue to be used normally for the exchange of messages. I'm talking about this.

I haven't done tests yet to see if the impact on database size would be big, but I think it's worth it. As far as I could think, I only saw benefits because it would be an extra layer to protect the forums from data leaks. What do you think?

I don't include the function codes here because I don't program in PHP yet. Sorry.
Great spot,
but I don't see any benefit in encoding mail addresses, as long as the MyBB software is open source.
Addresses can't be protected securely, as there is a need to be able to decode them again. Even a (known) algorithm or any salt will not bring protection when the algo is known.
It just needs a bit more effort for a hacker to decode and a bit more processing cost for the forum system.

This security option can be achieved in a closed source system though.

[ExiTuS]

PS.
"Security through obscurity" does not even count. A hacker cracking a MyBB forum knows it's MyBB.
(2021-08-20, 03:05 PM)[ExiTuS] Wrote: [...]


Thanks for the answer.

My point would be that the key(s) would be saved in a different users database. Or they would not even be saved, being generated whenever necessary, as shown in the article. It certainly wouldn't prevent access to emails, but at least it would give some extra time to notify users of the flaw, fix it, etc.
This article describes a method that only works in a closed source system with a hidden algorithm.
Decoding keys must exist and can only be generated by following an algorithm - in an open source system the algo is known.

To achieve this kind of mail protection for the MyBB system, you mandatorily need a second closed infrastructure to outsource security processing. This will make a forum installation more complicated or even impossible for some users.

While writing these lines, I got an idea...
It might be possible with an initial key that is manually created during the setup and stored in a flat file on the webhosting (maybe in the MyBB config file) - so an individual and unique key for encoding that is totally separated from the database.

[ETS]
Yeah, initially I was thinking that, even though the algorithm is public, it would be given a unique key as a 'salt', but now that you've pointed out the problem I don't see much use.

(2021-08-20, 03:46 PM)[ExiTuS] Wrote: [...]
While writing these lines, I got an idea...
It might be possible with an initial key that is manually created during the setup and stored in a flat file on the webhosting (maybe in the MyBB config file) - so an individual and unique key for encoding that is totally separated from the database.

Here you have my attention. I don't see any other frameworks/platforms worrying about this kind of thing, so it could be good not only in practice, but for the MyBB image.
I think the problem with doing this in publicly released free software is that if an admin does something that means the keys/salt are lost, that's their user base gone, as the email addresses wouldn't be recoverable. Passwords are one thing as you can reset them, but if an email is encrypted and can't be decrypted, you're screwed.
(2021-08-20, 04:09 PM)Matt Wrote: I think the problem with doing this in publicly released free software is that if an admin does something that means the keys/salt are lost, that's their user base gone, as the email addresses wouldn't be recoverable. Passwords are one thing as you can reset them, but if an email is encrypted and can't be decrypted, you're screwed.

True. Perhaps it could be an alternative tool, to be used only by administrators who are careful or willing to take the risk. Also on installation, as quoted by [ExiTuS], put an option like "Encrypt users' email addresses?". And have a more demanding backup policy (manual or automatic) in these cases. Maybe with more reminders on the dashboards to still keep control in the hands of the administrator.
DVZ Hash supports encryption of password fields (in addition to hashing) at the application level, but was only feasible because MyBB doesn't perform bulk operations on account passwords (and comes with the drawbacks mentioned by Matt).

Encrypting more widely used data, like emails, would make e.g. search features difficult to implement, so it's unlikely to be added in the near future, but improving support for encryption at lower levels that wouldn't require major changes in MyBB is possible (e.g. providing keys to the database server after establishing a connection).

Related:
https://community.mybb.com/thread-206905.html
https://community.mybb.com/thread-214228.html
https://securosis.com/assets/library/rep....V_.1_.pdf
(2021-08-20, 06:05 PM)Devilshakerz Wrote: DVZ Hash supports encryption of password fields (in addition to hashing) at the application level, but was only feasible because MyBB doesn't perform bulk operations on account passwords (and comes with the drawbacks mentioned by Matt).

Encrypting more widely used data, like emails, would make e.g. search features difficult to implement, so it's unlikely to be added in the near future, but improving support for encryption at lower levels that wouldn't require major changes in MyBB is possible (e.g. providing keys to the database server after establishing a connection).

Related:
https://community.mybb.com/thread-206905.html
https://community.mybb.com/thread-214228.html
https://securosis.com/assets/library/rep....V_.1_.pdf

Thanks for the links! In fact, search features didn't even cross my mind. Perhaps direct email queries could be replaced with email hashes? Anyway, it seems that I need to work on the idea to make it viable in practice. There are many aspects that I haven't considered.
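
An added example (not from any poster in this thread and not MyBB code) of the two ideas raised above: a per-installation key kept outside the database, and a keyed email hash for exact-match lookups. It uses AES-256-GCM rather than XOR; the key variables, function names and sample row are hypothetical.

```php
<?php
// Assumption: in a real install both keys are created at setup and kept
// outside the database (e.g. a config file). Generated inline here so it runs.
$encKey = random_bytes(32); // hypothetical AES-256-GCM key
$idxKey = random_bytes(32); // hypothetical, separate HMAC key for lookups

function normalize_email(string $email): string
{
    return strtolower(trim($email));
}

// Returns base64(nonce || tag || ciphertext); a fresh nonce is used per call.
function encrypt_email(string $email, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($email, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_email(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $pt;
}

// Keyed hash stored beside the ciphertext; supports exact-match queries only.
function email_index(string $email, string $key): string
{
    return hash_hmac('sha256', normalize_email($email), $key);
}

// Constructed sample row, standing in for a users table record.
$row = ['email_enc' => encrypt_email('Alice@Example.org', $encKey),
        'email_idx' => email_index('Alice@Example.org', $idxKey)];

// Lookup by address without decrypting any row.
var_dump(hash_equals($row['email_idx'], email_index(' alice@example.org ', $idxKey)));
var_dump(decrypt_email($row['email_enc'], $encKey));
try { decrypt_email($row['email_enc'], random_bytes(32)); } // simulates a lost key
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The last call shows the recovery problem raised in the thread: with the key gone, the stored address cannot be decrypted. The index column answers "does this exact address exist?" but not partial or wildcard searches.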