Difference between revisions of "Password Storage Cheat Sheet"

From OWASP
m (Password Storage Rules)
Line 7: Line 7:
 
== Password Storage Rules ==
 
== Password Storage Rules ==
  
# Use a strong hash
+
# Use a Modern Hash
 
## SHA
 
## SHA
 
## bcrypt
 
## bcrypt
# salt
+
# Use a long cryptograpgically random salt
# salt isolation
+
## Isolate the salt from the hash
# hash iteration
+
# Iterate the hash
 
+
  
 
{{Cheatsheet_Navigation}}
 
{{Cheatsheet_Navigation}}
 
  
 
[[Category:Cheatsheets]]
 
[[Category:Cheatsheets]]
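Review bot: the added line `# Use a long cryptograpgically random salt` misspells "cryptographically"; fix the spelling before the rule is rendered. The edit also keeps `## SHA` as a sub-item of "Use a Modern Hash" without saying which SHA variant is meant, while the sibling item names a specific algorithm (`## bcrypt`); the SHA line should name the variant and make clear that it is only acceptable in combination with the salt and iteration rules that follow it (`# Use a long cryptograpgically random salt`, `# Iterate the hash`), otherwise a reader may take a single unsalted SHA digest as satisfying rule 1.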

Revision as of 13:03, 21 September 2011

ACTIVE WORK IN PROGRESS AUGUST 2011

Introduction

This article is focused on providing guidance on storing passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a Modern Hash
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash
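The three rules above, carried through as one worked example. This is added illustration code, not the cheat sheet's own code or any OWASP reference implementation. It uses PBKDF2-HMAC-SHA256 from the Python standard library as the "iterate the hash" step (bcrypt is not in the standard library, so it is not shown); the 16-byte salt length, the 600,000-iteration default and the record field names are assumptions chosen for the illustration, not values stated on the page. The salt is returned as its own field so it can be stored apart from the hash, as rule 2.1 asks, and the unsalted helper is included only to show why rule 2 exists: identical passwords produce identical digests when no salt is used.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this illustration (not values from the cheat sheet).
SALT_BYTES = 16         # 128-bit cryptographically random salt (rule 2)
ITERATIONS = 600_000    # PBKDF2 work factor (rule 3); tune to your hardware budget


def unsalted_sha256(password: str) -> str:
    """Plain SHA-256 of the password, shown only as the anti-pattern.

    Two accounts with the same password get the same digest, so a single
    precomputed table or cracked hash covers every account sharing it.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Rule 2 + rule 3: long random salt, iterated hash (PBKDF2-HMAC-SHA256).

    The pieces are returned as separate fields so the salt can be stored in
    its own column or record (rule 2.1) rather than concatenated into the
    hash string. A salt may be passed in only to make tests deterministic;
    production callers should let os.urandom generate it.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "algorithm": "pbkdf2_sha256",   # assumed label for the stored record
        "iterations": iterations,       # stored so the work factor can be raised later
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so response timing does not leak how many bytes matched."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print("unsalted, same password twice:",
          unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))   # True
    a = hash_password("hunter2")
    b = hash_password("hunter2")
    print("salted, same password twice, hashes differ:", a["hash"] != b["hash"])  # True
    print("correct password verifies:", verify_password("hunter2", a))            # True
    print("wrong password rejected:", verify_password("Hunter2", a))              # False
```

When the iteration count is later increased, the stored `iterations` field lets existing records keep verifying while new or re-hashed records pick up the higher work factor.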
