13 lines
586 B
Plaintext
13 lines
586 B
Plaintext
==== Never store passwords in plaintext
|
|
|
|
A user password should never be stored in plaintext. Instead, a hash should be
|
|
produced from it using a secure algorithm. When dealing with password storage
|
|
security, best practices recommend relying on a slow hashing algorithm, that
|
|
will make brute force attacks more difficult. Using a hashing function with
|
|
adaptable computation and memory complexity also is recommended to be able to
|
|
increase the security level with time.
|
|
|
|
Adding a salt to the digest computation is also recommended to prevent
|
|
pre-computed table attacks (see rule S2053).
|
|
|