Passwords in DB


OWASP guidelines for storing passwords in the DB

OWASP guidelines

One way Password Hashing Algorithm

  • slower, which discourages brute-force attacks
  • MD5, SHA-1 -> fast and less secure, so they shouldn't be used

Such hashes are also vulnerable to pre-computation attacks like

  • rainbow tables
  • database-based lookups

Adding Salt to Password

Salt: a unique, randomly generated string

Hash(password + salt) -> ensures that the hash is unique to each password, even when two users pick the same password

This makes pre-computation attacks unattractive.

Password matching

In the DB, the salt and the hash value are kept in two columns.

When the user tries to log in, the salt is fetched from the DB, combined with the password the user entered, the hash value is calculated, and the result is compared with the stored hash column.
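The whole procedure above (slow one-way hash, random per-user salt, salt and hash in two DB columns, matching at login) as an added Python example; it is not code from the original post. It uses PBKDF2-HMAC-SHA256 from the standard library as the slow hash, which takes the salt as a separate input rather than concatenating it to the password, and an in-memory SQLite table standing in for the users table. The iteration count, column names and sample users are assumptions for the example; pick the work factor from the current OWASP Password Storage Cheat Sheet and tune it to your hardware.

```python
import hashlib
import hmac
import secrets
import sqlite3
from typing import Optional, Tuple

# Assumed work factor for this example. Tune it so one hash costs tens of
# milliseconds on the login server; the OWASP cheat sheet gives current minimums.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt is generated when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # unique, randomly generated per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def create_user_table(conn: sqlite3.Connection) -> None:
    # Salt and hash live in two separate columns, as the notes describe.
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt, digest = hash_password(password)
    conn.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)", (username, salt, digest)
    )
    conn.commit()


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Hash anyway so an unknown username costs the same time as a wrong password.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)  # recompute with the stored salt
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def demo() -> dict:
    """Register two users with the same password and exercise the login path."""
    conn = sqlite3.connect(":memory:")
    create_user_table(conn)
    register(conn, "alice", "correct horse battery staple")  # constructed sample users
    register(conn, "bob", "correct horse battery staple")
    (a_hash,) = conn.execute("SELECT pw_hash FROM users WHERE username = 'alice'").fetchone()
    (b_hash,) = conn.execute("SELECT pw_hash FROM users WHERE username = 'bob'").fetchone()
    return {
        "same_password_different_hash": a_hash != b_hash,
        "alice_ok": login(conn, "alice", "correct horse battery staple"),
        "alice_wrong": login(conn, "alice", "Correct horse battery staple"),
        "unknown_user": login(conn, "mallory", "anything"),
    }


if __name__ == "__main__":
    print(demo())
```

Because every user gets a different salt, alice and bob end up with different stored hashes despite sharing a password, which is exactly what defeats a precomputed table. The comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading bytes of the hash match.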