How can passwords be stored securely in a database?
The issue of storing passwords in a database is one that requires looking closely at data encryption and security protocols that will stop these valuable pieces of data from being hacked or stolen. Experts have come up with some fairly reliable standards for keeping stored passwords in a database more secure.
In addition to principles and strategies for password protection, it helps to promote the use of relatively strong passwords that resist easy guesses by hackers. In addition, engineers and administrators must look at the vulnerability of traffic coming into or out of a database, to prevent different types of password theft.
One fundamental part of password security, in terms of database storage, is called a hash function. A hash function is a complex function that changes a text password into a more complex set of characters by using more complex operations than a familiar mathematical operation such as multiplication. Using hashes and hexadecimal formats can help those who are storing passwords on a database to confuse hackers. Hashes are also used to substitute shorter character strings for longer ones to make data storage and retrieval more efficient.
Another critical aspect of password storage encryption is often called "salt." The principle of salting passwords involves creating additional characters after a text string that are not part of the actual data being stored, but are just useless and insignificant symbols that help to disguise a password. Some refer to salt characters as "noise."
Using complex values and salt, and keeping different types of password keys in strategic places, can help to encrypt the passwords that are stored in a database. Processes for encryption are always evolving, and new technologies could provide additional opportunities for storing valuable data in secure ways. Professionals often use these emerging standards as a reference. For instance, as the technology Pretty Good Privacy (PGP) (which uses hashes) emerged in the early 1990s, it became a standard for encryption.
At Techopedia, we aim to provide insight and inspiration to IT professionals, technology decision-makers and anyone else who is proud to be called a geek. From defining complex tech jargon in our dictionary, to exploring the latest trend in our articles or providing in-depth coverage of a topic in our tutorials, our goal is to help you better understand technology - and, we hope, make better decisions as a result.Full Bio
E-mail is not a threat. (Postal mail) is universal. The Internet is not.- USPS spokesperson Susan Brennan, in a 2001 Wired article.