Storing passwords

Soldato
Joined
6 Mar 2008
Posts
10,078
Location
Stoke area
Hi,

So, what do you consider the correct way of storing a password?

I'm looking a writing a little database app for a reason to code, it's a simple reference app that pulls insurers that cover odd items.

Password will be stored in a MySQL database table but I know enough that basic text isn't the right way, I've heard MD5 isn't exactly secure either.

Am I better off relying on the database to encrypt it or would using something in the software itself be the best way of encrypting and decrypting and just use the dbase for storage?

I'm looking at a Python app saved as an exe so I'm aware Python can show code.

Help :D
 
Soldato
Joined
1 Nov 2007
Posts
5,583
Location
England
If you are going to be storing passwords, then I highly recommend using the Argon2 hashing algorithm as it protects against both CPU and GPU brute-force attacks. Whatever you do though, do not write your own implementation of a hashing algorithm or try and implement the spec without really knowing what you are doing.
 
Back
Top Bottom