Friday, November 22, 2013
How not to store passwords
Well, this one is a bit technical but considering not a single week goes by without some site being hacked and their user databases being published out in the open, putting their data and their passwords in danger, I think we can begin to consider basic security techniques as being essential common knowledge for all.
Even without a technical background you'll surely understand the basics of it all. If you have a website where users can register themselves, you'll need to store that data somewhere, in order to "remember" the user when he comes back later. That's what databases are for, and in there you'll store things like a user number, user names... and their passwords.
Now, as you can imagine, storing a password as plain text might sound useful to you, but consider the risks if - or more likely: when - an attacker gets hold of that database and instantly gets to know each and every password of every user you ever had. When you consider most users use the same or similar passwords on many other sites, your site could become the weakest link, allowing an attacker to hijack their accounts on services like Google, Facebook, etc.
Encryption might sound tempting. Your password would be encrypted... but chances are if the hacker got to your database, he probably also got access to your site source code, and saw the encryption key you're using, and as such he can easily encrypt it.
That's where hashing come in. Hashing can provide a statistically unique number for any sequence of number or characters, whether it's a single word or an entire book. The key part is, it's completely irreversible! So, if you get hold of an hash, there's no way you can get back to the original piece - which is perfect for password use as we don't need to know the original password, we just need to check if the password the user enters will result in an hash just like the one we have stored.
The problem is, common hashing algorithms are well known, and hackers have precomputed hash tables of most common passwords, as well as specialized computers with GPUs that can calculate millions of hashes per second. And that leads us to "salting". Salting adds a random component to each hash, so that even a common password will result in a completely different hash, making it a lot harder (nearly impossible) for crackers to crack.
Better yet... if you have the chance, don't even store a password, and just request the user's email, and send them a link with a token that grants them temporary access... that way you won't have nothing to store but the email, and all that password security responsibility will be passed along to their email service. Let them worry about that! :)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment