Goto main content

help desk

How can I store the password to make sure it is secure?

When storing passwords, it is important to never store them in PLAINTEXT, not only for security purposes, but it's also illegal! How can i make sure it is secure.

Asked on 0000-00-00 00:00:00

OFFICIAL ANSWER

When storing passwords, it is important to never store them in PLAINTEXT, not only for security purposes, but it's also illegal!

To safely store a password, you should be using a hashing algorithm (MD5, BCRYPT, etc) along with a salt
 

Prerequisites:

In your database, a field for each: the username, password, salt, and hashing method (if you plan on having multiple hashing methods)

 

TO STORE THE PASSWORD:

  1. Generate a uniquely generated string (called a salt)
  2. Append the salt to the password string
  3. Pass this new password string into the hashing algorithm you want to use and call it (ex. md5() function)
  4. Store the username, the output of the hashing method above, the salt, and the hashing method in the database (see Figure P1)

 

TO VERIFY THE PASSWORD:

  1. Get the database record used via username (so we can get the salt and hashed password)
  2. Append the salt to the password string (the password we want to verify, not the one we selected from the database record)
  3. Pass this new password string into the hashing algorithm you use (hashing method field) and call it (ex. md5() function)
  4. Compare the output of the hashing method to the password from the database record. If they match, the user can safely log in.

 

Answer by:
Pierre Laplante

Replied on: 2022-01-12 10:43:00