
Storing passwords

Discussion in 'HTML, Graphics & Programming' started by AHarvey, Apr 29, 2018.

  1. AHarvey


    Joined: Mar 6, 2008

    Posts: 8,929

    Location: Stoke area


    So, what do you consider the correct way of storing a password?

    I'm looking at writing a little database app for a reason to code, it's a simple reference app that pulls insurers that cover odd items.

    Password will be stored in a MySQL database table but I know enough that basic text isn't the right way, I've heard MD5 isn't exactly secure either.

    Am I better off relying on the database to encrypt it or would using something in the software itself be the best way of encrypting and decrypting and just use the dbase for storage?

    I'm looking at a Python app saved as an exe so I'm aware Python can show code.

    Help :D
  2. kindai


    Joined: Aug 9, 2013

    Posts: 5,273

    Location: Bromsgrove

    A salted bcrypt with 10+ iterations.
  3. chroniclard


    Joined: Apr 23, 2014

    Posts: 8,771

    We generally use a salt and one-way hash. Depends what the application is, banking app or just a low level website.
  4. billysielu


    Joined: Aug 9, 2009

    Posts: 9,781

    Location: Oxfordshire

  5. Dj_Jestar


    Joined: Oct 18, 2002

    Posts: 28,283

    Location: Back in East London

    You don't. Use a service like auth0.
  6. Cromulent


    Joined: Nov 1, 2007

    Posts: 2,733

    If you are going to be storing passwords, then I highly recommend using the Argon2 hashing algorithm as it protects against both CPU and GPU brute-force attacks. Whatever you do though, do not write your own implementation of a hashing algorithm or try and implement the spec without really knowing what you are doing.
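
A salted one-way hash of the kind recommended in the replies above, as an added example that is not part of any post in this thread. It uses scrypt from Python's standard library in place of the bcrypt or Argon2 the posters name (those need third-party packages); the cost parameters and the record format are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed cost settings: roughly 16 MiB of memory per hash (128 * N * R bytes).
N, R, P = 2**14, 8, 1
KEY_LEN = 32
MAXMEM = 64 * 1024 * 1024  # upper bound handed to OpenSSL


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=MAXMEM, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Return a self-describing record to store in a VARCHAR column."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = _derive(password, salt, N, R, P)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${N}${R}${P}${b64(salt)}${b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; nothing is decrypted."""
    try:
        scheme, n, r, p, salt_b64, digest_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = _derive(password, salt, int(n), int(r), int(p))
    except ValueError:
        return False  # malformed record or unsupported parameters
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(stored: str) -> bool:
    """True when a record was made with settings other than the current ones."""
    parts = stored.split("$")
    return len(parts) != 6 or parts[:4] != ["scrypt", str(N), str(R), str(P)]
```

Only the record string goes into the MySQL table; when `needs_rehash` is true after a successful login, hash the just-verified password again with the current settings and overwrite the row.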
  7. Ergates


    Joined: Jun 24, 2005

    Posts: 136

    A post-it note stuck to your monitor
  8. MonsterMoshi

    Wise Guy

    Joined: May 16, 2011

    Posts: 1,311

    Location: Staffordshire

    I’m gonna go for a +1 for Auth0
    It really takes the hassle out of it and supports so many more options
    It just isn’t worth the responsibility
  9. antijoke


    Joined: Jan 28, 2003

    Posts: 37,034

    Location: Stratford-Upon-Avon