Passwords in DB

less than 1 minute read

OWASP guidelines for storing Passwords into the DB

OWASP guidelines

One way Password Hashing Algorithm

slower thus discourages Brute force att
MD5, SHA-1 -> Fast, less secured so shouldn’t be used

Vulnerable to pre-computation attacks like

rainbow tables
databased-based lookups

Adding Salt to Password

Salt: Unique Randomly generated String

Hash (password + Salt) -> Ensures that the hash is unique to each password

makes pre-computation attacks unattractive

PAssword mnatching

Inm the DB, salt and hash value is kept in two columns

when the uses tries to login, the salt is fetched, added to the password user input, and hash value is calculated and matched with the DB column

You may also enjoy

Diodes

less than 1 minute read

Soft Starter

1 minute read

Gates - Not Gate with Diodes

less than 1 minute read

LDR - Light Dependent Resistor/Photoresistor

less than 1 minute read