Difference between revisions of "Password Storage Cheat Sheet"

From OWASP
Jump to: navigation, search
m (Password Storage Rules)
m
Line 1: Line 1:
= ACTIVE WORK IN PROGRESS AUGUST 2011 =
+
= DRAFT CHEAT SHEET - WORK IN PROGRESS =
  
 
= Introduction =
 
= Introduction =

Revision as of 13:04, 21 September 2011

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This article is focused on providing guidance to storing a passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a Modern Hash
    1. SHA
    2. bcrypt
  2. Use a long cryptograpgically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash

OWASP Cheat Sheets Project Homepage