Password Storage Cheat Sheet

From OWASP
Revision as of 00:07, 26 August 2011 by Jmanico

ACTIVE WORK IN PROGRESS AUGUST 2011

Introduction

This article provides guidance on storing passwords to help prevent password theft.

Password Storage Rules

  1. Use a strong hash
    1. SHA
    2. bcrypt
  2. Salt
  3. Salt isolation
  4. Hash iteration
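
The rules above combined in one routine, as an added example that is not part of the original cheat sheet: a per-password random salt and an iterated SHA-256 hash via PBKDF2-HMAC from the Python standard library (bcrypt is not shown). The function names, the iteration count and the salt length are assumptions of this example, and returning the salt separately from the digest, so the two can be stored in different places, is this example's reading of "salt isolation".

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16       # assumed salt length


def hash_password(password, iterations=ITERATIONS):
    """Hash a new password. Returns (salt, iterations, digest) as separate values."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected_digest):
    """Recompute the hash with the stored salt and iteration count, then compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected_digest)


def needs_rehash(stored_iterations, target=ITERATIONS):
    """True when a stored record uses fewer iterations than the current target."""
    return stored_iterations < target


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    salt, iters, digest = hash_password("correct horse battery staple")
    print("salt:  ", salt.hex())
    print("iters: ", iters)
    print("digest:", digest.hex())
    print("verify good:", verify_password("correct horse battery staple", salt, iters, digest))
    print("verify bad: ", verify_password("wrong guess", salt, iters, digest))
```

Storing the iteration count with each record lets the work factor be raised later: after a successful login, check `needs_rehash` and re-hash the password with the current setting.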