So this is my first ever post, but I recently started working on a semi-serious personal project that deals with storing users’ passwords, and I decided that I needed to find out what the most secure way to store my users’ passwords was. So this is a brief summary of the different methods of password storage that I came across, along with some links at the end for more information if anyone else is interested in the topic.
The first and most naive way to store passwords in your database is in plain text. There are a couple of ‘advantages’ to this (they aren’t really advantages at all). The first is that this makes it incredibly easy to verify the user’s password during login. The second is that if the user forgets their password, we can email it to them (don’t do this).
I can’t emphasise strongly enough that you should NEVER, EVER, store passwords in plain text. Many users use the same password across all their applications, so if an attacker ever gets access to your database, you’ll have given them your users’ email addresses and passwords on a silver platter.
Encryption is a small step up from storing passwords in plain text. You can think of encryption like putting the users’ passwords in a box and locking it with a padlock. The benefit of encryption is that our passwords are no longer stored in plain text, and we can’t work out a user’s password by simply looking in the database. However, the problem with encryption is that one key can be used to unlock every user’s password, so all it takes is for an attacker to get their hands on the key and they’ve got all your users’ passwords.
Another problem with encryption is that if we have users with the same password, the encrypted versions of their passwords will be the same. This means that attackers can see which users have the same password, and if lots of users have the same password then it’s probably a fairly common one. It also means that if you store password hints in your database, an attacker can see all the passwords that are the same, along with their hints, and quite easily work out what the password is.
Hashing is an improvement over encryption because there is no key to decrypt our passwords into plain text and, depending on the hashing algorithm used, it can be very computationally expensive for someone to try to crack the passwords. The reason hashes are so hard to crack is that they are one-way operations that are easy to calculate but very difficult to reverse. I highly recommend this Tom Scott video for a good explanation of this.
However, the downside of only hashing our users’ passwords is that, like with encryption, if two or more users have the same password, their passwords will have the same hash. This is where hashing and salting come in.
Hash & Salt
So we already know what a hash is, but what is a salt and why does it make a difference?
A salt is a randomly generated string of characters that we append or prepend to our user’s password. This means that when we hash the user’s password, we are hashing the combination of their password and salt. Since two users won’t have the same salt, even if their passwords are the same, once their salted passwords have been hashed the two hashes will be completely different. This means that by simply looking at the database it’s impossible to tell whether or not two users have the same password, and it prevents attackers from being able to use dictionary or brute force attacks.
Below are some resources that I found particularly useful when learning about password storage. Thanks for reading, and if there’s anything I got wrong or if you know something that I don’t, I welcome any and all feedback.