How to implement reset password for a password manager

0
votes

How could I best implement a reset password functionality for a password manager? I'm currently saving a hashed + salted master password, and encrypting the passwords with the master password itself, however if a user has lost his master password this means the passwords can't be decrypted.

I thought about saving a version of the passwords encrypted with the master password and a version encrypted with the users email + some random token generated when the user creates his account, but would this be safe? Is there any best practice when doing this?

The user's email also only gets stored as a hash.

So to clarify my question, are there any best practices for recovering data encrypted with a password if that password is lost?

1
encryptionpasswords
Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iIterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as PBKDF2, password_hash, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.zaph
@zaph I'm currently using PBKDF2 for generating the hash and verifying the password, however seeing as that's not important for when a user forgets his password, I did not mention that in the quote. Thanks anyway.Dennis van Gils
*question, not quoteDennis van Gils

1 Answers

3
votes

The security would be reduced to how you store the "random token" and I would think it's not secure at all. There is no best practice. You could write the master password on a piece of paper and lock it in a safety deposit box at a bank or something like that.

Even shorter: there cannot be a password reset functionality for a local password manager without trusting somebody else.