Difference between revisions of "Password Storage Cheat Sheet"

From OWASP
m (Password Storage Rules)
Line 7: Line 7:
 
== Password Storage Rules ==
 
== Password Storage Rules ==
  
# Use a Modern Hash
+
# Use a modern hash
 
## SHA
 
## SHA
 
## bcrypt
 
## bcrypt
# Use a long cryptograpgically random salt
+
# Use a long cryptographically random salt
 
## Isolate the salt from the hash
 
## Isolate the salt from the hash
 
# Iterate the hash
 
# Iterate the hash
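Review bot: the "## SHA" entry under "Use a modern hash" (unchanged on both sides of this hunk) stands alone as if a single SHA digest were an acceptable password hash; a plain digest is fast to compute and therefore fast to brute-force, which is exactly what rule 3, "# Iterate the hash", exists to counter. Suggest qualifying the entry so the list does not read as endorsing single-pass SHA beside bcrypt, e.g. "## SHA (only when iterated, see rule 3)". The typo fix "cryptograpgically" to "cryptographically" and the lower-cased "Use a modern hash" heading are fine.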

Revision as of 14:07, 21 September 2011

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This article is focused on providing guidance on storing passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a modern hash
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash
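Taken together, rules 1 to 3 describe a salted, iterated hash with the salt kept apart from the hash value. The Python below is an added example, not part of the OWASP cheat sheet, that realises the SHA branch of rule 1 with the standard library's PBKDF2-HMAC construction over SHA-256, iterated as rule 3 requires; bcrypt, the other option named in rule 1, needs a third-party package and is not shown. The function names, record field names, salt length and iteration count are this example's own choices, not values from the page, and "isolate the salt" is interpreted here as storing the salt in its own field rather than concatenated into the hash string.

```python
import hashlib
import hmac
import secrets

# Parameters chosen for this example (assumptions, not values from the cheat sheet).
HASH_NAME = "sha256"      # rule 1: a modern hash from the SHA-2 family
SALT_BYTES = 16           # rule 2: a 128-bit salt
ITERATIONS = 200_000      # rule 3: iteration count; raise it as hardware gets faster


def new_salt(length: int = SALT_BYTES) -> bytes:
    """Rule 2: a long, cryptographically random salt from the OS CSPRNG."""
    return secrets.token_bytes(length)


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Rules 1 and 3: iterate HMAC-SHA-256 over password and salt via PBKDF2."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """Build the stored credential. Salt, iteration count and hash are kept as
    separate fields (rule 2a: isolate the salt from the hash) rather than one
    concatenated blob, so each can be read and upgraded independently."""
    salt = new_salt()
    return {
        "salt": salt.hex(),
        "iterations": ITERATIONS,
        "hash": hash_password(password, salt).hex(),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the record's own salt and iteration count, then compare
    in constant time so response timing does not leak how many bytes matched."""
    expected = bytes.fromhex(record["hash"])
    actual = hash_password(candidate, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(expected, actual)


def needs_rehash(record: dict, current_iterations: int = ITERATIONS) -> bool:
    """Flag records hashed with fewer iterations than current policy; rebuild
    them with make_record at the user's next successful login."""
    return record["iterations"] < current_iterations


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample password
    print(rec)
    print(verify_password(rec, "correct horse battery staple"))  # True
    print(verify_password(rec, "wrong password"))                 # False
```

Because the iteration count travels with each record, the policy constant can be raised later without invalidating existing logins: old records still verify with their stored count, and needs_rehash tells the login path when to replace them.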
