(More) Secure Passwords with Hashes

[OBSOLETE] Please just maven the Jasypt library and use StrongPasswordEncryptor.checkPassword(). For detailed information on how and why, consult “How to encrypt user passwords“.

A primitive way of storing login information in the database is with a simple User table, with a VARCHAR UserID column and a VARCHAR password column. With this approach the clear password text is stored directly, making it vulnerable with application developers and database administrators who may have access to the table data. Should the database be hacked the hacker will also be able to see user passwords that can be used to impersonate the user.

An alternative way to store passwords is to hash the password before storing it. Hashing is a one-way function: given the password you can calculate the hash easily, but with the hash it is computationally infeasible to retrieve the original password. Also, the same password will always give you the same hash. It is also unlikely that distinct passwords will generate the same hash. Therefore, you can use widely available hash algorithms like SHA1 to calculate the hash on the password before storing it. When it needs to be verified, the password that the user entered is hashed again and compared to the stored hash. If they match, the user would have entered a correct password. Hackers will only be able to see the hashed value of the password, which is useless to him since he cannot log in with that information.

Using this method, you will not be able to retrieve the password when the user “Forget Password”. This is because you will be unable to tell the user what the password is even though we will know if he entered the correct password. The way to do it is — if he can proof that he is the owner of the account, the password will be reset to a random password (then hashed and stored in the database). The reset password will be sent to the owner, probably to the email of the account. In this way the user can recover his account without anyone ever knowing his previous password (not even himself).

Notice the “(More)” on the post title, it is added because this method is not “secure” by itself, it is just relatively more secure than storing plaintext passwords in the database. Other parts of the system such as the authentication mechanism and operating system also needs to be secured in order to maintain proper system security.

RSS feed for comments on this post · TrackBack URL

Leave a Comment