Password Storage

Our users’ passwords are extremely valuable to attackers. An attacker with access to user passwords pretty much has full control of our application. Such an attacker will probably be able to gain access to many other systems as well: unfortunately, people frequently use the same passwords on multiple websites.

We’ll obviously do everything we can to prevent compromise. But if we fail in that, we can take an important precaution to lower the value of our users’ passwords—we won’t store the user passwords at all. Instead, we’ll use a cryptographic hashing algorithm so that we store a value that’s derived from the password.

We’re going to start with a brief discussion of hashing and then walk through a brief history of password-storage techniques.

On storing (and not storing) Your users’ passwords

Instead of storing a user password, we can store a value that’s derived from the password itself. If this derivation can only be performed in one direction (that is, it’s easy to calculate the derived value given a password but it’s hard to go from a derived value back to the original password), then we’ll have a great defense. When a user creates an account for themselves, they’ll enter a password and we won’t store the password itself, we’ll only store the derived value. Next time the user logs in, they’ll type in their password, we’ll perform that same derivation and compare it to the ...