I can envision eyes widening at the sight of the thread title, though your reactions may be for different reasons than what I am anticipating, so my question remains the same: what are the arguments for and against encrypting users' passwords in a database?
I prefer simple conveniences to complete conveniences in order to have better security. Essentially, at my level of programming I'd rather have more security than user convenience. For example, I won't automatically authenticate a user who returns, though I will store their name in a cookie for the browser's auto-complete feature to fill in the form (as well as to check the remember-me checkbox). So they have to click the sign in button once...though it's a lot more secure than automatically authenticating them (there is an article on Tom's Guide about this).
Same thing with passwords...I presume automatically generating a new password is more secure than having them stored unencrypted and sending them a reminder of their password? What are the other variables in play?
Storing Passwords: Encrypted or not?
- JAB Creations
alex.barylski
Re: Storing Passwords: Encrypted or not?
Pros:
1. Password recovery not reset -- slightly more friendly to end users
Cons:
1. Insecure.
Considering that password theft would totally destroy the credibility of your web site and let a single person muck around with each account...I think the minor inconvenience to users of having them reset passwords is moot when compared to the alternative.
Re: Storing Passwords: Encrypted or not?
Hashed, with double salts:
viewtopic.php?f=34&t=62782
FYI, once in a pentest, I successfully managed to recover the encrypted admin pass, decrypt it with a chosen plaintext attack (they used a weak algo), then dumped the entire database, and in the end from another hole managed to get the source (which had the key) - in the end I had the complete database with passwords in plaintext.
In contrast hashing strong passwords makes them unrecoverable (even if they are not salted!). For the weak hashes double salting helps immensely, and even if one has complete access to the database and source, on average the top 20% "hardest" passwords will remain secure.
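The hashed-and-salted approach the reply above describes, as an added example in Python (not code from this thread or the linked topic): a random per-user salt, a slow key-derivation function (PBKDF2 from the standard library, used here in place of whatever the poster's "double salting" scheme was), constant-time verification, and a reset-token flow instead of password recovery, since the plaintext is never recoverable from the stored record.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Cost parameter: raise it as hardware gets faster (constructed value).
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt_hex$hash_hex'.

    The salt is random per user, so two users with the same password get
    different records and a precomputed table for one is useless for the other.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: never accept it
    _, iters, salt_hex, hash_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def issue_reset_token() -> Tuple[str, str]:
    """Reset instead of recovery: email a one-time token, store only its hash.
    Returns (token_to_email, token_hash_to_store)."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()


def reset_token_matches(presented: str, stored_hash: str) -> bool:
    """Compare the presented token's hash against the stored one in constant time."""
    presented_hash = hashlib.sha256(presented.encode("ascii")).hexdigest()
    return hmac.compare_digest(presented_hash, stored_hash)


if __name__ == "__main__":
    # Constructed sample: same password, two users, two different records.
    rec_a = hash_password("correct horse battery staple")
    rec_b = hash_password("correct horse battery staple")
    print(rec_a != rec_b, verify_password("correct horse battery staple", rec_a))
```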
- JAB Creations
Re: Storing Passwords: Encrypted or not?
Thanks to both of you, I was leaning towards encryption. It's just like misplacing one's driver's license; of course it'll be inconvenient. However, to smooth the issue for people who need their password reset, I can simply direct them to the page where they can change their password manually after they sign in for the first time with their reset password.