
* Modify S5344: Re-arrange the folder for new languages
* modify a file name typo
* last tweaks
* changed diff
* reorg fixes
* Apply suggestions from code review
14 lines
588 B
Plaintext
==== Never store passwords in cleartext

A user password should never be stored in clear text. Instead, a hash should be
produced from it using a secure algorithm. For password storage, best practices
recommend relying on a slow hashing algorithm, which makes brute-force attacks
more difficult. Using a hashing function with adaptable computation and memory
complexity is also recommended, so that the security level can be increased
over time.

Adding a salt to the digest computation is also recommended to prevent
pre-computed table attacks (see rule S2053).
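
An added example (not part of the rule description): one way to apply these recommendations in Python with the standard library's `hashlib.scrypt`, a memory-hard function with adjustable cost. The record format, the function names and the cost parameters are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this example; tune them to your own hardware.
DEFAULT_PARAMS = {"n": 2**14, "r": 8, "p": 1}


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # scrypt needs about 128 * n * r bytes, so raise OpenSSL's memory cap to fit.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r + 2**20, dklen=32)


def hash_password(password: str, params: dict = DEFAULT_PARAMS) -> str:
    """Return a self-describing record: scrypt$n$r$p$salt$digest."""
    salt = os.urandom(16)  # fresh random salt for every password
    digest = _derive(password, salt, **params)
    encoded = [base64.b64encode(x).decode("ascii") for x in (salt, digest)]
    return "$".join(["scrypt", str(params["n"]), str(params["r"]),
                     str(params["p"]), *encoded])


def _parse(record: str):
    scheme, n, r, p, salt, digest = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported scheme")
    return ({"n": int(n), "r": int(r), "p": int(p)},
            base64.b64decode(salt), base64.b64decode(digest))


def verify_password(password: str, record: str) -> bool:
    params, salt, expected = _parse(record)
    # Recompute with the stored salt and cost, then compare in constant time.
    return hmac.compare_digest(_derive(password, salt, **params), expected)


def needs_rehash(record: str, params: dict = DEFAULT_PARAMS) -> bool:
    """True when the record was created with a lower cost than the current one."""
    stored, _, _ = _parse(record)
    return any(stored[k] < params[k] for k in ("n", "r", "p"))
```

Calling `needs_rehash` after a successful login lets the application re-hash the password with the current parameters, which is how the cost is raised over time without forcing password resets.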