The present invention relates generally to password-based encrypted file management, and more specifically to management of encrypted user files at a server whereby decryption of user files is dependent on authentication of user passwords.
Servers which are accessible to user computers over networks are often required to manage files containing sensitive user information. For example, online services such as booking portals, app-stores, online stores, etc., may store files containing user address details and payment data such as credit card numbers. Another example is where users upload arbitrary files to a server offering a secure storage facility, so that access to files is restricted to the user in question. Clearly, user files should be encrypted in such scenarios, otherwise a security breach would leak the plaintext user data. Data security then relies on security of the cryptographic keys used for encryption of the user files.
Various services and user-side applications are available for encrypting user data before uploading to cloud storage. Encryption keys here are derived from user passwords, with dedicated software/secure storage typically required at user computers. Due to the low entropy of typical user passwords, password-derived keys can be vulnerable to offline attack if the host server is corrupted. In particular, an adversary obtaining some information that allows him to verify whether a password guess was correct, can then use that information to detect the correct password via brute-forcing, i.e. testing all possibilities.