Strategy to migrate Passwords securely from one application to another

Question

We are working on a tool that exports data from Source Application "S" to CSV files. These CSV files are manually migrated to box where the Target Application "T" resides. Each line in this CSV is encrypted. The sensitive data being migrated are passwords, password histories and challenge question-answers, etc.

We would be using the AES Encryption encrypt the user data. The question is should we generate a secret key for each user separately to encrypt/decrypt that specific user's data ?

If yes, how can we manage secret keys for thousands of users and in what form should we store them.

Other Easy alternative is to use one secret key for all the passwords and store this key in a JCEKS keystore.

Which would be a better and more secured approach ?

Answer 1

The question you should ask yourself is: what risk are you trying to mitigate ?

By using a different key for each row, you are attempting to mitigate the fact that, if a key leaks, it will not compromise the other rows. This is balanced by the fact that, the more keys you have, the more difficult it is to manage them securely.

Now, assuming that you're going to do a one-time migration, you're going to have to use ALL these keys at the same time, twice: once during export and once during import. This means that your window of vulnerability will not actually be reduced: there is few chances that one of these keys could be compromised without ALL of them being compromised.

So, in my opinion, I don't think that generating different keys for different rows will grant you any significant improvement in security but I'm pretty sure it will make your job harder.