Possible Duplicate:
Python's safest method to store and retrieve passwords from a database.

Can someone provide a simple, straightforward description of how passwords should be stored for an average[1] web site in 2011? Bonus points for showing an example in Python or pseudocode.

[1] By average, I mean the site owner would be embarrassed if an employee or hacker posted 10% or more of the passwords on pastebin.

pbreitenbach
  • Something tells me that if I put `password1` on pastebin, I'll have posted 10% of the passwords to more than a few websites (matching the password up with user accounts is left as an exercise for the reader). – C. A. McCann Jun 27 '11 at 17:37
  • When it comes to security, I recommend browsing through [security.se]. On this topic, see [How to securely hash passwords?](http://security.stackexchange.com/q/211/414), which has a good language-agnostic overview (the most important points are to never store passwords in cleartext, to always include a salt, and to use a slow hash function). – Gilles 'SO- stop being evil' Jun 28 '11 at 14:42
