Difference between revisions of "Password Storage Cheat Sheet"

From OWASP
m
m (Password Storage Rules)
Line 7: Line 7:
 
== Password Storage Rules ==
 
== Password Storage Rules ==
  
# Use a Modern Hash
+
# Use a modern hash
 
## SHA
 
## SHA
 
## bcrypt
 
## bcrypt
# Use a long cryptograpgically random salt
+
# Use a long cryptographically random salt
 
## Isolate the salt from the hash
 
## Isolate the salt from the hash
 
# Iterate the hash
 
# Iterate the hash
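Review bot: the edit fixes the capitalisation of "Use a modern hash" and the "cryptograpgically" typo, but the SHA item under that rule still reads as if a SHA digest on its own satisfied the rule, while the salting and iteration requirements sit apart as rules 2 and 3. Suggest qualifying the item so it cannot be read in isolation, e.g. "## SHA (only when salted and iterated per rules 2 and 3)", so a reader skimming the list does not come away with a single unsalted SHA hash as an acceptable storage scheme.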

Revision as of 14:07, 21 September 2011

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This article provides guidance on storing passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a modern hash
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash
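The three rules above, combined into one storage routine as an added example (this code is not part of the cheat sheet): SHA-256 as the "modern hash" (rule 1), a 16-byte salt drawn from the OS random source and stored in its own field rather than concatenated into the hash (rule 2), and the hash iterated through PBKDF2-HMAC (rule 3). The iteration count of 100,000 and the `StoredPassword` record layout are assumptions chosen for the example, not values the cheat sheet specifies. The `unsalted_digest` helper exists only to show why rule 2 matters: two users with the same password get identical unsalted digests but different salted ones.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumed parameters for this example; the cheat sheet does not fix them.
ITERATIONS = 100_000   # rule 3: iterate the hash (PBKDF2 round count)
SALT_BYTES = 16        # rule 2: long random salt (128 bits)
HASH_NAME = "sha256"   # rule 1: a modern hash from the SHA family


@dataclass(frozen=True)
class StoredPassword:
    """Per-user record. Salt, iteration count and digest are separate fields
    (rule 2.1: the salt is isolated from the hash, never embedded in it)."""
    salt: bytes
    iterations: int
    digest: bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> StoredPassword:
    """Derive a storable record for a new or changed password.

    A salt may be supplied only so that tests are deterministic; production
    callers leave it None and receive a fresh os.urandom() salt per password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)           # cryptographically random, per user
    if len(salt) < SALT_BYTES:
        raise ValueError("salt must be at least %d bytes" % SALT_BYTES)
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                 salt, iterations)
    return StoredPassword(salt=salt, iterations=iterations, digest=digest)


def verify_password(password: str, stored: StoredPassword) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so a wrong guess does not leak how many bytes matched."""
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    stored.salt, stored.iterations)
    return hmac.compare_digest(candidate, stored.digest)


def unsalted_digest(password: str) -> bytes:
    """What rule 2 forbids: a bare SHA-256 of the password. Shown only to
    contrast with the salted form; never store this."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def same_password_distinguishable(password: str) -> bool:
    """True when two records for the same password differ, which is what the
    per-user salt buys: an attacker cannot spot shared passwords or reuse
    one precomputed table across accounts."""
    a = hash_password(password)
    b = hash_password(password)
    return a.digest != b.digest and a.salt != b.salt


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    record = hash_password("correct horse battery staple")
    print("stored salt (hex):  ", record.salt.hex())
    print("stored digest (hex):", record.digest.hex())
    print("verify correct:", verify_password("correct horse battery staple", record))
    print("verify wrong:  ", verify_password("Tr0ub4dor&3", record))
    print("unsalted digests collide for two users:",
          unsalted_digest("hunter2") == unsalted_digest("hunter2"))
    print("salted records differ for the same password:",
          same_password_distinguishable("hunter2"))
```

The record stores the iteration count alongside the salt so that the work factor can be raised later for new passwords while existing records still verify. `hmac.compare_digest` is used instead of `==` so that verification time does not depend on where the digests first differ.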
