Confirmed users
491
edits
WebAppSec/Secure Coding Guidelines: Difference between revisions
WebAppSec/Secure Coding Guidelines (view source)
Revision as of 16:17, 12 October 2011
, 12 October 2011Pls email me to discuss - Undo revision 357366 by Yorickpeterse (talk)
(Undo revision 357368 by Yorickpeterse (talk)) |
(Pls email me to discuss - Undo revision 357366 by Yorickpeterse (talk)) |
||
| Line 73: | Line 73: | ||
===Password Storage=== | ===Password Storage=== | ||
Separate from the password policy, we should have the following standards when it comes to storing passwords: | |||
* Passwords stored in a database should using the hmac+bcrypt function. | |||
The purpose of hmac and bcrypt storage is as follows: | |||
bcrypt | * bcrypt provides a hashing mechanism which can be configured to consume sufficient time to prevent brute forcing of hash values even with many computers | ||
* bcrypt can be easily adjusted at any time to increase the amount of work and thus provide protection against more powerful systems | |||
* The nonce for the hmac value is designed to be stored on the file system and not in the databases storing the password hashes. In the event of a compromise of hash values due to SQL injection, the nonce will still be an unknown value since it would not be compromised from the file system. This significantly increases the complexity of brute forcing the compromised hashes considering both bcrypt and a large unknown nonce value | |||
* The hmac operation is simply used as a secondary defense in the event there is a design weakness with bcrypt that could leak information about the password or aid an attacker | |||
A sample of this code is here: https://github.com/fwenzel/django-sha2 | |||
Keep in mind that while bcrypt is secure you should still enforce good passwords. | Keep in mind that while bcrypt is secure you should still enforce good passwords. | ||