
Storing passwords

Discussion in 'HTML, Graphics & Programming' started by AHarvey, Apr 29, 2018.

  1. AHarvey


    Joined: Mar 6, 2008

    Posts: 8,578

    Location: Stoke area


    So, what do you consider the correct way of storing a password?

    I'm looking at writing a little database app for a reason to code, it's a simple reference app that pulls insurers that cover odd items.

    Password will be stored in a MySQL database table but I know enough that basic text isn't the right way, I've heard MD5 isn't exactly secure either.

    Am I better off relying on the database to encrypt it or would using something in the software itself be the best way of encrypting and decrypting and just use the dbase for storage?

    I'm looking at a Python app saved as an exe so I'm aware Python can show code.

    Help :D
  2. kindai


    Joined: Aug 9, 2013

    Posts: 4,769

    Location: Bromsgrove

    A salted bcrypt with 10+ iterations.
  3. chroniclard


    Joined: Apr 23, 2014

    Posts: 7,536

    We generally use a salt and one way hash. Depends what the application is, banking app or just a low level website.
  4. billysielu


    Joined: Aug 9, 2009

    Posts: 9,186

    Location: Oxfordshire

  5. Dj_Jestar


    Joined: Oct 18, 2002

    Posts: 28,013

    Location: Back in East London

    You don't. Use a service like auth0.
  6. Cromulent

    Wise Guy

    Joined: Nov 1, 2007

    Posts: 2,498

    If you are going to be storing passwords, then I highly recommend using the Argon2 hashing algorithm as it protects against both CPU and GPU brute-force attacks. Whatever you do though, do not write your own implementation of a hashing algorithm or try and implement the spec without really knowing what you are doing.
  7. Ergates


    Joined: Jun 24, 2005

    Posts: 115

    A post-it note stuck to your monitor