  1. How to store passwords *correctly*?
<p>An <a href="https://stackoverflow.com/questions/797626/is-using-a-salt-all-that-good">article</a> that I stumbled upon here in SO provided links to <a href="http://www.codinghorror.com/blog/archives/001263.html" rel="nofollow noreferrer">other articles</a> which in turn provided links to <a href="http://www.codinghorror.com/blog/archives/000953.html" rel="nofollow noreferrer">even</a> <a href="http://www.codinghorror.com/blog/archives/000953.html" rel="nofollow noreferrer">more</a> <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/" rel="nofollow noreferrer">articles</a> etc.</p>
<p>And in the end I was left completely stumped - so what is <strong>the best</strong> way to store passwords in the DB? From what I can put together you should:</p>
<ul>
<li>Use a long (at least 128 fully random bits) salt, which is stored in plaintext next to the password;</li>
<li>Use several iterations of SHA-256 (or even greater SHA level) on the salted password.</li>
</ul>
<p>But... the more I read about cryptography the more I understand that I don't really understand anything, and that things I had thought to be true for years are actually flat out wrong. Are there any experts on the subject here?</p>
<p><strong>Added:</strong> Seems that some people are missing the point. I repeat the last link given above. That should clarify my concerns.</p>
<p><a href="https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2007/july/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/" rel="nofollow noreferrer">https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2007/july/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/</a></p>
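The two bullets in the question (a 128-bit random salt stored beside the hash, and many iterations of SHA-256 over the salted password) can be sketched as follows. This is an added example, not part of the original question; it uses PBKDF2-HMAC-SHA256 from the Python standard library as the iterated construction, and the record format, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"   # hypothetical label for the stored-record format
SALT_BYTES = 16            # 128 fully random bits, as in the first bullet
ITERATIONS = 600_000       # assumed work factor; tune it to your own hardware


def hash_password(password: str, *, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt_hex$digest_hex' for storage in one column."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh per password, from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def _parse(stored: str):
    """Split a stored record; return None when it is malformed."""
    try:
        scheme, iter_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        digest = bytes.fromhex(digest_hex)
    except ValueError:
        return None
    if scheme != SCHEME or iterations < 1 or len(digest) != 32:
        return None
    return iterations, salt, digest


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, *, target: int = ITERATIONS) -> bool:
    """True when the record is malformed or was made with a lower work factor."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < target
```

Because the iteration count travels with each record, the work factor can be raised later and old records upgraded at the user's next successful login.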
 
