Just read this article and it has good pointers for anyone putting passwords on their website.
http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
In summary, if we’re storing passwords, we’re probably storing those passwords incorrectly. If it isn’t obvious by now, cryptography is hard, and the odds of us getting it right on our own are basically nil. That’s why we should rely on existing frameworks, and the advice of experts like Thomas. What higher praise is there than that of praise from your sworn enemy?
Let’s recap:
- Do not invent your own “clever” password storage scheme. I know, you’re smart, and you grok this crypto stuff. But through this door lies madness– and abominations like LMHash that have ongoing, worldwide security ramifications we’re still dealing with today. Take advantage of whatever password storage tools your framework provides, as they’re likely to be a heck of a lot better tested and more battle-proven than any crazy scheme you and your team can come up with on your own. Security vulnerabilities, unlike functionality bugs in your application, run deep and silent. They can lay dormant for years.
- Never store passwords as plaintext. This feels like security 101 and is completely obvious in retrospect. But not everyone knows what you know — just ask Reddit. Store the hashes, never the actual passwords. Educate your fellow developers.
- Add a long, unique random salt to each password you store. The point of a salt (or nonce, if you prefer) is to make each password unique and long enough that brute force attacks are a waste of time. So, the user’s password, instead of being stored as the hash of “myspace1”, ends up being stored as the hash of 128 characters of random unicode string + “myspace1”. You’re now completely immune to rainbow table attack.
- Use a cryptographically secure hash. I think Thomas hates MD5 so very much it makes him seem a little crazier than he actually is. But he’s right. MD5 is vulnerable. Why pick anything remotely vulnerable, when you don’t have to? SHA-2 or Bcrypt would be a better choice.