I am working on a project that we intend to launch for developing countries and as a result, I want to limit the amount of information needed for login and identification, while maintaining privacy and individual security.
Speaking to the team, it became clear that passwords are prohibited, as users can end up accessing the service only when they have a third party that provides the opportunity to access the Internet (even once or twice a year). Remembering passwords, using emails or anything like that would not work in that scenario.
The whole thing is that I need to store some data about each user, and I don't want to have any idea whose data it is. It's not particularly sensitive data, but I'm trying to build something that preserves privacy as much as possible.
So I am wondering how to identify users with information that they already know and don't need to put any extra effort into remembering.
As a result, we have reduced the usable information to: Full name and date of birth (even DoB may be a problem for some). Intuitively, it doesn't seem like one can build something very secure with that data. A key flaw with the name and DoB is that one can easily go through all the "John Smith" combinations with all possible birth dates and find a matching hash.
So a rough workaround we have in mind is to do a hash of name and DoB and use it as the "username" (everything happens in the background, of course). Some additional steps would be to encode the date of birth and add a salt to the hash.
Authentication would happen through facial recognition. The idea is to encrypt a user image with some combination of the name and DoB as well, so that at least it is not so easy for the database administrator to access.
A user would log in with just their name, DoB, and image, on a system that would first search through the hashes until a match was found, then decrypt the corresponding image and compare the two images to allow login or not.
In summary, user credentials would be something like:
SHA256(NAME + SCRAMBLED_DOB + SALT) => AES(PICTURE_DATA, (NAME+SCRAMBLED_DOB))
Salt could also be added to the image encryption, so when you log in:
- All potential versions of SCRAMBLED_DOB are tested with multiple salts until a hash that exists in the database is found.
- The specific hash and sequence of DoB digits found in step 1 are used to decrypt the image.
- The image is compared to the image sent at login, which is then discarded.
This process could be long, but depending on how long, may be acceptable in the name of privacy.
So essentially what I'm wondering is:
- Would SHA256(NAME + SCRAMBLED_DOB + SALT) be safe enough, given the project requirements?
- Any suggestions for a better way to encrypt the image?
- Any suggestion for this system in general?
Thanks in advance!
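As an added example (not the asker's code), here is the identifier-derivation and lookup step of the scheme above, with two changes a defender would make against the name-plus-DoB enumeration the question describes: SHA256 is swapped for the memory-hard scrypt KDF, and the stored identifier is an HMAC under a server-only secret (a "pepper"), so a copy of the database alone cannot be matched against guessed names and dates. The deployment salt, pepper, sample names and the in-memory store are all constructed assumptions; the picture itself is encrypted by the caller with the derived key using a library AEAD such as AES-GCM, which is outside this block.

```python
import hashlib
import hmac
import unicodedata
from datetime import date
from typing import Dict, Optional, Tuple

# Constructed deployment values (assumptions for this example).
# SITE_SALT can be stored with the service; PEPPER must live only on the
# authentication server (HSM/KMS/env), never in the user database.
SITE_SALT = b"example-deployment-salt-v1"
PEPPER = b"example-server-only-secret"


def canonicalize(full_name: str, dob: date) -> bytes:
    """Map name + DoB to one stable byte string.

    NFKC, casefold and whitespace collapse remove the capitalization and
    spacing variation a user cannot be expected to reproduce exactly; the
    date is fixed as ISO-8601 and a NUL separates the two fields.
    """
    name = " ".join(unicodedata.normalize("NFKC", full_name).casefold().split())
    return name.encode("utf-8") + b"\x00" + dob.isoformat().encode("ascii")


def derive_secrets(full_name: str, dob: date) -> Tuple[bytes, bytes]:
    """Return (lookup_id, image_key) from the user's name and date of birth.

    One scrypt call (memory-hard, so each enumeration guess is expensive)
    yields 64 bytes; the first half is bound to the server pepper by HMAC
    to form the database key, the second half keys the picture encryption.
    """
    material = hashlib.scrypt(canonicalize(full_name, dob), salt=SITE_SALT,
                              n=2**14, r=8, p=1, dklen=64)
    lookup_id = hmac.new(PEPPER, material[:32], hashlib.sha256).digest()
    image_key = material[32:]
    return lookup_id, image_key


class EnrolmentStore:
    """In-memory stand-in for the database: lookup_id -> encrypted picture."""

    def __init__(self) -> None:
        self._rows: Dict[bytes, bytes] = {}

    def enrol(self, full_name: str, dob: date, picture_ciphertext: bytes) -> bytes:
        lookup_id, _ = derive_secrets(full_name, dob)
        self._rows[lookup_id] = picture_ciphertext
        return lookup_id

    def find(self, full_name: str, dob: date) -> Optional[Tuple[bytes, bytes]]:
        """Single indexed lookup; no scanning of hashes or trying of salts."""
        lookup_id, image_key = derive_secrets(full_name, dob)
        row = self._rows.get(lookup_id)
        return None if row is None else (row, image_key)
```

Because the identifier is deterministic, login is one dictionary or index lookup rather than the multi-salt search described in step 1, and an attacker holding only the database still needs the pepper before any name-and-date guessing can begin.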