I have recently started a project to code a secure password protection algorithm to be used on both computers and mobile devices. As I have never done anything like it before, I am a bit unsure of where to start. This code needs to be extremely secure, but also flexible on the front end. I am familiar with Java, C, and Ruby. Any ideas from people who have done similar projects?
- Can you clarify whether you are trying to create a new encryption algorithm for password storage or trying to implement a design that will store passwords securely using current best practices/algorithms? The first option will get you a lot of "Don't do it yourself!!!" responses, while the second might get meaningful recommendations. – bethlakshmi Dec 11 '13 at 21:09
- If you are looking to implement a design to store passwords securely and are familiar with Ruby, I would check out Devise (commonly used in Rails applications) at https://github.com/plataformatec/devise to see how they implement it. – Travis Pessetto Dec 12 '13 at 17:29
1 Answer
It's a really good idea to not do this yourself; it's easy to mess up if you don't know what you're doing.
The short of it is that you want to hash your passwords with a slow algorithm using a per-user salt. I won't go into much detail, because there are plenty of resources, here and across the web, talking about which hashing function to use, how to store salts, why you need to do these things, etc.
The frontend is completely irrelevant; you just take in user input and pass it to your password-checking function.
Xiong Chiamiov
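As an added example (not code from the original post, and not Devise's implementation), here is the answer's advice in Ruby: a slow, salted hash using PBKDF2-HMAC-SHA256 from Ruby's standard OpenSSL binding, with a fresh per-user salt, a self-describing stored record, constant-time verification, and a check for records hashed under an older iteration policy. The iteration count is a placeholder to be tuned to your hardware.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not from the original post: salted, slow password hashing
# with PBKDF2-HMAC-SHA256. ITERATIONS is a placeholder; raise it until a
# single hash takes as long as you can tolerate at login time.
ITERATIONS = 100_000
SALT_BYTES = 16
KEY_BYTES  = 32

# Returns a self-describing record: algorithm$iterations$salt$hash (hex),
# so the parameters used can be recovered at verification time.
def hash_password(password, iterations: ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_BYTES) # fresh random salt per user
  key  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES, 'sha256')
  ['pbkdf2-sha256', iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Constant-time comparison: the time taken does not depend on how many
# leading bytes matched, so an attacker cannot learn the hash byte by byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derives the key with the salt and iteration count stored in the record.
def verify_password(password, record)
  algo, iters, salt_hex, hash_hex = record.split('$')
  return false unless algo == 'pbkdf2-sha256'
  salt = [salt_hex].pack('H*')
  key  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iters.to_i, KEY_BYTES, 'sha256')
  secure_compare(key.unpack1('H*'), hash_hex)
end

# True when the record predates the current iteration policy; re-hash the
# password on the user's next successful login.
def needs_rehash?(record, iterations: ITERATIONS)
  record.split('$')[1].to_i < iterations
end

if __FILE__ == $0
  rec = hash_password('correct horse battery staple')
  puts rec
  puts verify_password('correct horse battery staple', rec) # true
  puts verify_password('wrong password', rec)               # false
end
```

Two users with the same password get different records because the salt differs, which is what defeats precomputed tables.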