Monday, September 17, 2007

Quick: Read this if you ever store password data

Thomas Ptacek has a good post explaining why your password storage scheme is probably bad.

His post has a lot of words, so I'll summarize:
  • Storing passwords in plaintext is obviously bad (most developers already know this)
  • Using a salted-hash such as MD5 or SHA-1 isn't much better. (too easy to brute force)
  • Your other clever password storage ideas are probably bad too.
  • Use bcrypt instead. It was created by real cryptographers for just this kind of thing.

Here's bcrypt for Java. It has a nice simple API:

// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
System.out.println("It matches");
System.out.println("It does not match");

I'm sure other popular languages have similar libraries.