Best practice for storing usernames & password in MySQL Databases [duplicate] Best practice for storing usernames & password in MySQL Databases [duplicate] database database

Best practice for storing usernames & password in MySQL Databases [duplicate]


mysql database database-design encryption password-encryption

For the password hash use PBKDF2 it's NIST approved. You should use a random non-secret salt for each password and nontrivial (over 1000) iteration count.

For the username and email, probably not worth encrypting.

mysql database database-design encryption password-encryption

The best practices IMO are:

  • Use a hashing algorithm such as SHA256 or SHA512. MD5 is insecure now as you can reverse the hash/perform a rainbow attack.

  • Use a strong salt to ensure an attacker cannot guess commonly hashed passwords if they ever gained entry to your database.

  • Do not use encryption.

  • Only hash the passwords, usernames and e-mails are fine as plain text.

mysql database database-design encryption password-encryption

It's only really the password that you need encrypting. Realistically, you should be both Hashing (that's what you mean when you say encoding) in an algorithm at least SHA-256 really (I'm pretty sure MD5 and SHA1 are crackable?) AND Salting your passwords to be extra safe.

Here's an answer on the preferred method of storing them: Preferred Method of Storing Passwords In Database

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last