Safe Password Hashing

I have written several times about the absolute necessity to properly hash passwords. The tricky part is that word "properly": it's a bit subtle to get right. Happily, the folks over at Defuse Security have an excellent guide that

  • Tells you what to do
  • Tells you what not to do
  • Provides source code for proper implementations in PHP, Java, C#, and Ruby

If you're a developer tasked with the customer authentication system, be sure to read this. There's lots of good advice in it. And whatever you do, don't store the passwords in plain text. If you do, you're going to end up here and be the object of universal derision and scorn.
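As an added illustration (my own code, not the post's and not the Defuse guide's implementations), here is the pattern that guide describes, using only Python's standard library: a fresh random salt per password, a deliberately slow iterated hash (PBKDF2-HMAC-SHA256 here), a self-describing stored record so the work factor can be raised later, and a constant-time comparison on verification. The record format and the iteration count are this example's own choices, not values from the guide.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Example policy (assumed for this illustration; tune iterations to your own hardware budget).
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
HASH_BYTES = 32


def hash_password(password: str, *, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm:iterations:salt_b64:hash_b64."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique random salt per password, never reused
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                                 salt, iterations, dklen=HASH_BYTES)
    return ":".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the parameters stored in the record and compare in constant time."""
    try:
        algorithm, iter_str, salt_b64, hash_b64 = record.split(":")
        iterations = int(iter_str)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never as a crash
    candidate = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    # hmac.compare_digest avoids leaking where the first mismatching byte is via timing.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a stored record uses fewer iterations than current policy (rehash after a successful login)."""
    try:
        _, iter_str, _, _ = record.split(":")
        return int(iter_str) < min_iterations
    except ValueError:
        return True
```

Because the record carries its own parameters, raising ITERATIONS later only requires calling needs_rehash after each successful login and storing a fresh record.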

  • That's a great guide. I should really stop being shocked, but the prolific use of md5 today still amazes me.

    SHA3 seems really interesting to me since it's such a mathematically different approach from the earlier ones, the details of which I'm still learning.