storing user content securely

Hello,

I'm trying to figure out a way to store user-generated text securely in a database (so that only the user is the one who can access his/her text). I could have Rails encrypt and decrypt the user's text using the user's password as the key, but if the user ever forgot their password there would be no way to ever decrypt their previous text (since the Rails app uses BCrypt to store only a hash of the password).

Does anyone know how that could be done? It looks like Dropbox does it: "All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." (Dropbox Security for Your Files and Data - Dropbox) Yet they allow you to reset your password and I'm assuming they don't store your plain text password anywhere.

What am I missing? Any suggestions would be greatly appreciated. Thanks!

James

Hrm... well, "inaccessible without your account password" is not the same thing as "encrypted with your password"....
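
The scheme from the question, as an added example that is not code from the thread or from Dropbox: the text is encrypted under a random data key, and that key is wrapped by a key derived from the password. This goes one step beyond the question so that a normal password change only rewraps the key. Function names, salt size and iteration count are assumptions.

```ruby
require "openssl"

# Added example; names, salt size and iteration count are assumptions.
ITERATIONS = 100_000

# Derive a 256-bit key-encryption key (KEK) from the password with PBKDF2.
def derive_kek(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

# AES-256-GCM encrypt; returns iv (12 bytes) + tag (16 bytes) + ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  ct = cipher.update(plaintext) + cipher.final
  iv + cipher.auth_tag + ct
end

# Raises OpenSSL::Cipher::CipherError on a wrong key or modified data.
def unseal(key, blob)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.update(blob.byteslice(28, blob.bytesize - 28)) + cipher.final
end

# Stored per user: salt, wrapped data key, encrypted text. No plaintext key.
def enroll(password, text)
  salt = OpenSSL::Random.random_bytes(16)
  data_key = OpenSSL::Random.random_bytes(32)
  { salt: salt, wrapped_key: seal(derive_kek(password, salt), data_key),
    body: seal(data_key, text) }
end

def read_text(record, password)
  data_key = unseal(derive_kek(password, record[:salt]), record[:wrapped_key])
  unseal(data_key, record[:body]).force_encoding("UTF-8")
end

# Password change with the old password known: rewrap the data key only.
def change_password(record, old_pw, new_pw)
  data_key = unseal(derive_kek(old_pw, record[:salt]), record[:wrapped_key])
  salt = OpenSSL::Random.random_bytes(16)
  record.merge(salt: salt, wrapped_key: seal(derive_kek(new_pw, salt), data_key))
end
```

With only this record stored, a forgotten password leaves nothing that can unwrap the data key. Recovery after a reset requires a second copy of the data key that is not wrapped by the password, which is the distinction the reply draws.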