Goto main content

help desk

Comment puis-je sauver le mot de passe pour m'assurer qu'il est sécurisé ?

Lors du stockage des mots de passe, il est important de ne jamais les stocker en PLAINTEXT, non seulement pour des raisons de sécurité, mais c'est aussi illégal ! Comment puis-je m'assurer qu'il est sécurisé.

Posé le 0000-00-00 00:00:00

RÉPONSE OFFICIELLE

When storing passwords, it is important to never store them in PLAINTEXT, not only for security purposes, but it's also illegal!

To safely store a password, you should be using a hashing algorithm (MD5, BCRYPT, etc) along with a salt
 

Prerequisites:

In your database, a field for each: the username, password, salt, and hashing method (if you plan on having multiple hashing methods)

 

TO STORE THE PASSWORD:

  1. Generate a uniquely generated string (called a salt)
  2. Append the salt to the password string
  3. Pass this new password string into the hashing algorithm you want to use and call it (ex. md5() function)
  4. Store the username, the output of the hashing method above, the salt, and the hashing method in the database (see Figure P1)

 

TO VERIFY THE PASSWORD:

  1. Get the database record used via username (so we can get the salt and hashed password)
  2. Append the salt to the password string (the password we want to verify, not the one we selected from the database record)
  3. Pass this new password string into the hashing algorithm you use (hashing method field) and call it (ex. md5() function)
  4. Compare the output of the hashing method to the password from the database record. If they match, the user can safely log in.
Réponse de:
Pierre Laplante

Répondu le : 2022-01-12 10:43:00