Learn how to securely store and validate passwords in your database.
Storing passwords in plain text is not a good idea because anyone with internal access can see them.
Storing password hashes directly is not sufficient because it is prone to precomputation attacks, such as rainbow tables.
To mitigate precomputation attacks, we salt the passwords.
According to OWASP guidelines, βa salt is a unique, randomly generated string that is added to each password as part of the hashing processβ.
A salt is not meant to be secret and it can be stored in plain text in the database. It is used to ensure the hash result is unique to each password.
The password can be stored in the database using the following format: π©π’π΄π©( π±π’π΄π΄πΈπ°π³π₯ + π΄π’ππ΅).
To validate a password, it can go through the following process:
A client enters the password.
The system fetches the corresponding salt from the database.
The system appends the salt to the password and hashes it. Letβs call the hashed value H1.
The system compares H1 and H2, where H2 is the hash stored in the database. If they are the same, the password is valid.
API and Web Development
Real World Case Studies
AI and Machine Learning
Database and Storage
Technical Interviews
Caching & Performance
Payment and Fintech
Software Architecture
DevTools & Productivity
Software Development
Cloud & Distributed Systems
How it Works?
DevOps and CI/CD
Security
Computer Fundamentals