Password Storage Cheat Sheet

From OWASP
Revision as of 13:07, 21 September 2011 by Jmanico (Talk | contribs)

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This article provides guidance on storing passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a modern hash
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash
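
The three rules above combined, as an added example that is not part of the original cheat sheet. It uses PBKDF2-HMAC-SHA256 as one way to iterate a SHA hash; the salt length, the iteration count and the two in-memory dicts standing in for separate stores are assumptions.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 32        # assumption: a "long" salt is taken to be 32 random bytes
ITERATIONS = 600_000   # assumption: tune to what your login path can afford

# Constructed stand-ins for two separate stores (rule 2.1): the salt and the
# hash are never written to the same place.
salt_store = {}   # username -> (salt, iterations)
hash_store = {}   # username -> derived hash


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Rules 1 and 3: SHA-256, iterated through PBKDF2-HMAC."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(username: str, password: str, iterations: int = ITERATIONS) -> None:
    # Rule 2: a fresh salt from the OS CSPRNG for every stored password.
    salt = secrets.token_bytes(SALT_BYTES)
    # The iteration count is stored with the salt so it can be raised later
    # without invalidating existing records.
    salt_store[username] = (salt, iterations)
    hash_store[username] = derive(password, salt, iterations)


def verify(username: str, password: str) -> bool:
    # An unknown user still costs one derivation, so response time does not
    # reveal which usernames exist.
    salt, iterations = salt_store.get(username, (b"\x00" * SALT_BYTES, ITERATIONS))
    expected = hash_store.get(username)
    candidate = derive(password, salt, iterations)
    if expected is None:
        return False
    # Constant-time comparison of the derived hash against the stored one.
    return hmac.compare_digest(candidate, expected)
```

Because each password gets its own salt, two users with the same password end up with different stored hashes.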
