http://blogs.msdn.com/b/sdl/
By following a few simple guidelines, you can help to ensure that your application’s users’ credentials remain secure, even if your database is compromised:
Always store and compare hashes of passwords, never the plaintext passwords themselves.
Apply a random, unique salt value to each password before hashing.
Use a cryptographically strong hash algorithm such as one from the SHA-2 family.
Allow for potential future algorithm changes by implementing a cryptographically agile design.
Hash on the server tier and be sure to transmit all passwords and credential tokens over HTTPS.
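The following is an added example (written for this page, not code from the SDL blog) showing one way to put the first four guidelines together in a single piece of server-side code. It stores only a salted hash, draws a fresh random salt per password, uses PBKDF2-HMAC over a SHA-2 digest (an iterated construction, which adds a configurable work factor to the plain SHA-2 choice the guideline names, since an un-iterated fast hash gives an attacker who has the database more guesses per second), and writes a self-describing record so the hashing scheme can be changed later without breaking existing logins. The scheme identifiers, the `scheme$iterations$salt$hash` record layout, and the function names are assumptions for this example; the hashlib, hmac and secrets calls are the Python standard library.

```python
import hashlib
import hmac
import secrets

# Registry of supported hashing schemes (identifiers are hypothetical, chosen for
# this example). Each maps to the hashlib digest name used under PBKDF2-HMAC.
# Cryptographic agility: add a new entry and bump CURRENT_SCHEME; old records
# remain verifiable because each one names the scheme it was created with.
SCHEMES = {
    "pbkdf2_sha256": "sha256",
    "pbkdf2_sha512": "sha512",
}
CURRENT_SCHEME = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000  # work factor; raise over time as hardware speeds up
SALT_BYTES = 16               # 128-bit random salt, generated per password


def _derive(scheme: str, password: str, salt: bytes, iterations: int) -> bytes:
    """Run PBKDF2-HMAC with the digest registered for `scheme`."""
    return hashlib.pbkdf2_hmac(
        SCHEMES[scheme], password.encode("utf-8"), salt, iterations
    )


def hash_password(password: str, *, scheme: str = CURRENT_SCHEME,
                  iterations: int = CURRENT_ITERATIONS) -> str:
    """Return the record to store: scheme$iterations$salt_hex$hash_hex.

    The plaintext password is never stored; only this record is persisted.
    """
    salt = secrets.token_bytes(SALT_BYTES)  # unique, unpredictable salt per call
    derived = _derive(scheme, password, salt, iterations)
    return "$".join([scheme, str(iterations), salt.hex(), derived.hex()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the stored record and compare in constant time."""
    try:
        scheme, iterations_str, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: wrong field count, bad int, or bad hex
    if scheme not in SCHEMES or iterations <= 0:
        return False  # unknown or retired scheme: refuse rather than guess
    candidate = _derive(scheme, password, salt, iterations)
    # hmac.compare_digest avoids leaking where the two digests first differ.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True if the record predates the current scheme or work factor.

    Call this after a successful verify_password() and, if True, store
    hash_password(password) in place of the old record.
    """
    scheme, iterations_str, _salt, _hash = record.split("$")
    return scheme != CURRENT_SCHEME or int(iterations_str) < CURRENT_ITERATIONS


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("wrong password", stored))
    legacy = hash_password("older account", iterations=10_000)
    print(needs_rehash(legacy))
```

Because the record carries its own scheme name and iteration count, `verify_password` can check a password against any record the registry still recognises, and `needs_rehash` lets the application upgrade each account transparently the next time its owner logs in, which is the practical payoff of the agile design the fourth guideline asks for. The fifth guideline (hash on the server and use HTTPS) is about where this code runs and how the password reaches it, so it is not shown here.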