I’m working on a project which we intend to launch for developing countries, and, as a result, want to limit the amount of information needed for login and identification, while still maintaining individual privacy and security.
Speaking to the team, it became clear that passwords are a no-go, as users may end up accessing the service only when they have a third-party providing the opportunity to access the internet (once or twice a year even). Remembering passwords, using emails, or anything of the sort would not work in that scenario.
The whole thing is I need to store some data about each user, and I don’t want to have any idea whose data it is. It isn’t especially sensitive data, but I’m trying to build something that preserves privacy as much as possible.
I’m therefore wondering how to identify users with information they know and do not need to put any extra effort into remembering.
As a result, we’ve narrowed usable information down to: Full Name and Date of Birth (even DoB can be a problem for some). Intuitively, it doesn’t look like one could build something very secure with that data. One key flaw with name and DoB is that one can easily go through all combinations for “John Smith” with all possible dates of birth and find a matching hash.
Therefore, a rough solution we have in mind is to hash name and DoB and use as “username” (all happening in the background of course). Some additional measures would be to scramble the date of birth and add a salt to the hash.
The authentication would then happen via facial recognition. The idea is to encrypt a picture of the user with some combination of the name and DoB as well, so at least it isn’t as easily accessible to the database admin.
A user would log in only with their name, DoB and picture, in a system that would first search through the hashes until it finds a match, then decrypt the corresponding picture and compare the two pictures to allow login or not.
In summary, the user credentials would be something like:
`SHA256(NAME + SCRAMBLED_DOB + SALT) => AES(PICTURE_DATA, (NAME+SCRAMBLED_DOB))`
The salt could also be added to the encryption of the picture, such that, at login:
- All potential versions of the SCRAMBLED_DOB are tested with multiple salts until a hash contained in the database is found
- That specific hash and sequence of digits from the DoB found from Step 1 are used to decrypt the image
- Image is compared with the image submitted at login, which is then discarded
This process could get long, but depending on how long, it may be acceptable in the name of privacy.
So, essentially, what I’m wondering is:
- Would `SHA256(NAME + SCRAMBLED_DOB + SALT)` be safe enough, given the requirements of the project?
- Any suggestions for a better way to encrypt the picture?
- Any suggestions for this system overall?
Thanks in advance!
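An added example, not code from the poster's project: the name + date-of-birth lookup identifier described above, built with PBKDF2-HMAC-SHA256 as a slow salted KDF in place of a bare SHA-256, with step 1's salt search modelled over a small list of public salts. The iteration count, the salt values and the name normalisation rule are assumptions; `dob_keyspace` shows how few candidate dates exist per name, which is why the per-hash cost is the only lever left.

```python
import hashlib
from datetime import date

# Work factor for PBKDF2-HMAC-SHA256 (assumption; tune for the deployment).
KDF_ITERATIONS = 100_000
# Constructed sample salts. Because the server must be able to find the record
# from name + DoB alone, the salts cannot be secret per user: they must be
# enumerable by the server, and therefore by anyone who reads the database.
PUBLIC_SALTS = [b"salt-v1", b"salt-v2"]


def normalise_name(name: str) -> str:
    """Collapse case and whitespace so 'John  Smith' and ' john smith ' map to one record."""
    return " ".join(name.casefold().split())


def derive_user_id(name: str, dob_iso: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Opaque lookup identifier: PBKDF2 over the canonical name and ISO date, keyed by a salt.

    dob_iso is 'YYYY-MM-DD'; fromisoformat rejects malformed dates and canonicalises the rest.
    """
    dob = date.fromisoformat(dob_iso).isoformat()
    material = f"{normalise_name(name)}|{dob}".encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def lookup(records: dict, name: str, dob_iso: str):
    """Step 1 of the post: try each public salt until a stored identifier matches.

    records maps identifier bytes -> stored blob (the encrypted picture in the post).
    Returns (identifier, salt) on a hit, or None when no salt produces a known id.
    """
    for salt in PUBLIC_SALTS:
        candidate = derive_user_id(name, dob_iso, salt)
        if candidate in records:
            return candidate, salt
    return None


def dob_keyspace(years: int = 100, today: date = date(2024, 1, 1)) -> int:
    """Number of distinct birth dates an enumeration has to try for one known name."""
    start = date(today.year - years, today.month, today.day)
    return (today - start).days + 1


def enumeration_work(hashes_per_second: float, iterations: int = KDF_ITERATIONS, years: int = 100) -> float:
    """Seconds to try every birth date for one known name and one salt at a given hash rate."""
    return dob_keyspace(years) * iterations / hashes_per_second
```

With a bare SHA-256 (`iterations=1`) the whole date range for one name is a fraction of a second at any realistic hash rate; the KDF multiplies that by its iteration count, but the keyspace itself stays tiny, so the picture check and the database's access controls carry the rest of the security.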