- Server Side Encryption
Coming from the LastPass breach, two points are highlighted:
- Data at rest is a very juicy target
- People do not always use great master passwords.
Of course the best answer is for people to use strong master passwords. However, if a breach happens everyone has to re-evaluate the strength of their master pw. As an additional layer, I suggest that the server support envelope encryption, such as something like AWS KMS / Hashicorp Vault. Every time the server-data is updated, request a new data-key from the KMS (which is provided in both a cleartext and ciphertext form), encrypt the vault with that, and store the encrypted datakey along with the data.
On retrieval, the server sends the encrypted data key for that specific vault to the KMS, gets back the cleartext data key, decrypts the vault-blob and sends it to the client. The cleartext data key is never persisted and the KMS never divulges the master key that decrypts all of the data keys.
Now, if someone obtains a backup of the database, or live access to the database even as an admin, users are protected EVEN IF they used horribly bad master passwords. They should still use strong passwords of course, but it is an additional layer that reduces the usability of the central datastore.
(‘generating a data key’)
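The store and retrieve flow described in the post, as an added Go sketch (not code from the post or from any project it names). Assumptions: the `master` byte slice stands in for the key held inside the KMS, local AES-256-GCM replaces the KMS generate-data-key and decrypt calls, and the names `Store`, `Load`, `seal` and `open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func seal(key, pt []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key)))) // AES-256-GCM
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, pt, nil) // output: nonce || ciphertext || tag
}

func open(key, ct []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func Store(master, vault []byte) (wrappedKey, blob []byte) {
	dataKey := make([]byte, 32) // fresh data key on every update
	must(rand.Read(dataKey))
	return seal(master, dataKey), seal(dataKey, vault) // cleartext key is not persisted
}

func Load(master, wrappedKey, blob []byte) ([]byte, error) {
	dataKey, err := open(master, wrappedKey) // stands in for the KMS decrypt call
	if err != nil {
		return nil, err
	}
	return open(dataKey, blob)
}

func main() {
	master := make([]byte, 32) // constructed demo key; a real one stays inside the KMS
	wrapped, blob := Store(master, []byte("demo vault"))
	fmt.Printf("%s\n", must(Load(master, wrapped, blob)))
}
```

The database row holds only `wrappedKey` and `blob`, so a copy of the database without access to the KMS yields neither the data key nor the vault contents.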