Difference between revisions of "Password Storage Cheat Sheet"

From OWASP

Revision comparison: both revisions are marked as minor edits ("m"); the edit summary of the newer revision is "Password Storage Rules".

Line 7: Line 7:
 == Password Storage Rules ==
-# Use a strong hash
+# Use a Modern Hash
 ## SHA
 ## bcrypt
-# salt
+# Use a long cryptograpgically random salt
-# salt isolation
+## Isolate the salt from the hash
-# hash iteration
+# Iterate the hash

 {{Cheatsheet_Navigation}}

 [[Category:Cheatsheets]]
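Review bot: the new rule line at Line 7, "+# Use a long cryptograpgically random salt", misspells "cryptographically"; fix the spelling before this text reaches the rendered page. The unchanged sub-item "## SHA" under the renamed heading "# Use a Modern Hash" still names no variant, so say which SHA family is meant (SHA-1 or SHA-2), since "SHA" on its own is ambiguous and the "Modern" qualifier in the new heading does not settle it.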

Revision as of 14:03, 21 September 2011

ACTIVE WORK IN PROGRESS AUGUST 2011

Introduction

This article provides guidance on storing passwords so that, if the credential store is stolen, the attacker cannot cheaply recover the users' plaintext passwords from it.

Password Storage Rules

  1. Use a Modern Hash (a general-purpose hash such as SHA must be combined with rules 2 and 3; bcrypt builds the salt and work factor in)
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt (a fresh per-user value, so two users with the same password get different hashes and precomputed tables are useless)
    1. Isolate the salt from the hash
  3. Iterate the hash (apply it repeatedly so that each guess costs the attacker proportionally more)
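The three rules put together, as an added example in Python that is not part of the original cheat sheet. It uses only the standard library: PBKDF2-HMAC-SHA-256 (`hashlib.pbkdf2_hmac`) is the standard-library way to iterate a SHA hash over a salted password (rules 1 and 3), `secrets.token_bytes` supplies the random salt (rule 2), and the salts are kept in their own table rather than alongside the hashes (rule 2.1). The salt length (16 bytes), iteration count (100,000), the `new_store`/`enroll`/`verify` helpers and the dummy-salt trick for unknown usernames are all assumptions made for this example; the cheat sheet prescribes none of them. bcrypt is not shown because it is not in the standard library.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Parameters are assumptions made for this example; the cheat sheet does not prescribe values.
HASH_NAME = "sha256"   # rule 1: a SHA-2 member, iterated below
SALT_BYTES = 16        # rule 2: 128-bit random salt per user
ITERATIONS = 100_000   # rule 3: iteration count, stored per record so it can be raised later


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Rules 1 and 3: iterate SHA-256 over password and salt (PBKDF2-HMAC, standard library)."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)


def new_store() -> Dict[str, dict]:
    """Rule 2.1: salts live in their own table, separate from the hash records."""
    return {"hashes": {}, "salts": {}}


def enroll(store: Dict[str, dict], username: str, password: str) -> None:
    """Create or replace a user's credential: fresh random salt, iterated hash, separate storage."""
    salt = secrets.token_bytes(SALT_BYTES)  # rule 2: cryptographically random, never reused
    store["salts"][username] = salt
    store["hashes"][username] = {
        "algorithm": HASH_NAME,
        "iterations": ITERATIONS,
        "hash": derive(password, salt, ITERATIONS),
    }


# Constructed dummy salt so a lookup for an unknown user costs the same as a real one
# (otherwise response time would reveal which usernames exist).
_DUMMY_SALT = secrets.token_bytes(SALT_BYTES)


def verify(store: Dict[str, dict], username: str, password: str) -> bool:
    """Recompute the iterated hash with the stored salt and compare in constant time."""
    record: Optional[dict] = store["hashes"].get(username)
    salt: Optional[bytes] = store["salts"].get(username)
    if record is None or salt is None:
        derive(password, _DUMMY_SALT, ITERATIONS)  # equalise work for unknown usernames
        return False
    candidate = hashlib.pbkdf2_hmac(
        record["algorithm"], password.encode("utf-8"), salt, record["iterations"]
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    store = new_store()
    enroll(store, "alice", "correct horse battery staple")
    enroll(store, "bob", "correct horse battery staple")  # same password, different salt
    print("distinct hashes:", store["hashes"]["alice"]["hash"] != store["hashes"]["bob"]["hash"])
    print("alice, right password:", verify(store, "alice", "correct horse battery staple"))
    print("alice, wrong password:", verify(store, "alice", "Tr0ub4dor&3"))
    print("unknown user:", verify(store, "carol", "correct horse battery staple"))
```

The iteration count is stored with each record so it can be raised for new enrollments as hardware gets faster without invalidating old records. With the third-party `bcrypt` package the same rules collapse into `bcrypt.hashpw(password, bcrypt.gensalt())` and `bcrypt.checkpw(...)`, since bcrypt generates the salt and applies the work factor itself.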
