Storage and Validation
Understand best practices for storing password hashes securely in various storage systems and validate passwords effectively by enforcing minimum length. Explore handling password complexity, user-friendly restrictions, and options to future-proof your password encryption strategy using algorithms like BCrypt.
We'll cover the following...
Storage
In whatever system you store password hashes: a relational database, key store, lockbox, sock drawer, or file system, use either an unlimited length text field or varchar(255). Your hashing algorithm will produce a maximum length string. Don’t worry about an attack overloading your database. Different hashing algorithms will produce different fixed-length strings so you can set your field length based on your algorithms. I prefer to use a larger-than-needed field ...