by marcushill
1400 days ago
It seems to me that encrypting emails is either untenable or insufficient depending on how you do it. You could do a one-way operation like is used on passwords, but then you can't access the user's email address to send them emails. You could instead do a two-way encryption but that likely means using a hardcoded key to decrypt, and that key can't be considered secure if attackers have access to the system. There may be other more effective options but I'm no security expert and I haven't given much thought to other solutions.
Hardcoding a key would be a bad idea. You would need some way to rotate keys. Maybe also encrypt the actual data encryption keys under another key-encrypting key.
But this only defends against attacks which can't get that key (e.g. a SQL injection attack that just dumps table contents).
Having said that, you only need to decrypt if you want to send an email; for logging in, you could just store a one-way salted hash.
More importantly, this is a lot of effort to protect data that isn't usually regarded as that sensitive (unlike the passwords). If I had the security budget to do that, I'd almost certainly spend it on something else.
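The design sketched in the reply above (a per-row data encryption key wrapped under a rotatable key-encrypting key, plus a one-way value for login lookup) as an added example written for this page; it is not code from the thread or from any commenter. It uses Go's standard-library AES-256-GCM for both the email and the DEK wrapping. The keys, the `Record` shape, and the function names are all assumptions; the demo keys are constructed literals, where a real deployment would fetch the KEK from a KMS or HSM. For the login side it uses a keyed HMAC over the normalized email in place of a per-row salted hash, because a per-row salt would stop the login path from locating the row by email in the first place; the secret HMAC key plays the salt's role.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)
// Record is what a stored user row holds: the plaintext email is never written to the database.
type Record struct {
	EmailCT    []byte // nonce||AES-GCM ciphertext of the email under this row's DEK
	WrappedDEK []byte // nonce||AES-GCM ciphertext of the DEK under the KEK
	KEKVersion int    // which KEK wrapped the DEK, so rotation progress is visible per row
	LoginIndex string // keyed one-way hash of the email, so login can find the row without decrypting
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error, not a runtime condition
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block (16-byte block size)
	return gcm
}

// aeadSeal encrypts under a fresh random nonce and returns nonce||ciphertext.
func aeadSeal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing CSPRNG is not something to recover from
	}
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// aeadOpen reverses aeadSeal; the GCM tag check makes a wrong key or tampered data fail closed.
func aeadOpen(key, data, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(data) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], aad)
}

func kekAAD(version int) []byte { return []byte(fmt.Sprintf("kek-v%d", version)) } // binds a wrapped DEK to its KEK version

// LoginIndex is HMAC-SHA256 over the normalized email; the secret key replaces a per-row salt so equal emails match.
func LoginIndex(indexKey []byte, email string) string {
	m := hmac.New(sha256.New, indexKey)
	m.Write([]byte(strings.ToLower(strings.TrimSpace(email))))
	return hex.EncodeToString(m.Sum(nil))
}

// NewRecord generates a per-row DEK, encrypts the email under it, and wraps the DEK under the KEK.
func NewRecord(kek []byte, kekVersion int, indexKey []byte, email string) Record {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	return Record{
		EmailCT:    aeadSeal(dek, []byte(email), nil),
		WrappedDEK: aeadSeal(kek, dek, kekAAD(kekVersion)),
		KEKVersion: kekVersion,
		LoginIndex: LoginIndex(indexKey, email),
	}
}

// Email unwraps the DEK with the KEK and decrypts the address; only the mail-sending path needs it.
func (r Record) Email(kek []byte) (string, error) {
	dek, err := aeadOpen(kek, r.WrappedDEK, kekAAD(r.KEKVersion))
	if err != nil {
		return "", err
	}
	pt, err := aeadOpen(dek, r.EmailCT, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// RotateKEK re-wraps the DEK under a new KEK; the email ciphertext itself is left untouched.
func (r Record) RotateKEK(oldKEK, newKEK []byte, newVersion int) (Record, error) {
	dek, err := aeadOpen(oldKEK, r.WrappedDEK, kekAAD(r.KEKVersion))
	if err != nil {
		return Record{}, err
	}
	r.WrappedDEK, r.KEKVersion = aeadSeal(newKEK, dek, kekAAD(newVersion)), newVersion
	return r, nil
}

func main() {
	kek := []byte("0123456789abcdef0123456789abcdef") // constructed demo key; a real KEK lives in a KMS/HSM
	rec := NewRecord(kek, 1, []byte("constructed-blind-index-key!!!!!"), "Alice@Example.com")
	fmt.Println(rec.Email(kek)) // only the mail-sending path ever decrypts
}
```

Rotation only re-wraps the small DEK per row and leaves every email ciphertext alone, which is what makes rotating the KEK cheap enough to actually do. Note the limit the reply states still applies: an attacker who can call this code with the live KEK, rather than merely dump the table, reads everything.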