I am building an authentication system in which some information is being stored encrypted so that it can’t be human readable. Because it is encrypted, I need to use the generateSecretKey() function (as I’m not using the CFMX_COMPAT method). I am nervous of just creating this when a user is registered in the system and using it for all time and so I thought about creating a new one every time the user logs in, but wasn’t sure if that is really necessary. I am already calling a method to update the users login timestamp on each login so adding a new secret key isn’t bad, but I wanted to make sure that I didn’t go overboard, so my question is this:
When generating secret keys for users to encrypt information is it best to create a new one every time they login or just create one on registration and use it for all time?
Your answer (as the elves said to Frodo) is both yes and no. Or perhaps in the words of Bob Dole when asked if he wore boxers or breifs… “depends”.
What you are asking about is tied stringently to the requirements. Ostensibly the second choice – “generating a new key” – would be more secure than reusing the same key. In the first case you have one key per user. In the second your key is more ephemeral and disappears after a session. So the real question is, what level of security is enough for your requirements.
The trade off is that the code is slightly more complicated, the server has to work a bit harder, and you can’t persist sessions (because restarting the server is going to kill your keys presumably). It might also make things like audit reporting more difficult since it sounds like you are encrypting some log type or audit trail type information.
I would add that if you store these keys along with the data you might as well not bother with generating new ones. You’ve already degraded whatever benefit you might have garnered by putting the key under the welcome mat 😉
Hope this helps… sorry to be vague.