As a web developer I obviously, well, hopefully have a good idea of how most websites fundamentally work. One thing that always worries me though is when I am signing up for a new account on a website and have to enter a password. Now most of us would have a few or probably just one password that we use when signing up to accounts on-line. This obviously means that we don’t have to remember loads of different passwords, but what worries me is how these passwords are being stored.
When I was a junior developer, just learning to code websites with the facility to sign-up and login to accounts, I would simply store the information entered by the user in a database. So if someone entered the password “jimmy” I would store it in the database as “jimmy”. Now obviously there are limited people who have access to this information, but it is actually quite powerful information to own. This information could be used maliciously if in the wrong hands. Take the following as an example:
You sign up for a Facebook account using the following credentials:
Username: mark@myemailaddress.com
Password: mypassword
You then also sign up for an account with ‘my-made-up-website.com’ (this is an example) using the same credentials. Now if ‘my-made-up-website.com’ are storing your username and password as plain text in the database, anybody who has access to the database will be able to see these credentials. They would then have a pretty good idea that you could have used the same log-in credentials for Facebook. Hummm, imagine what havoc they could cause on your Facebook page, hey, or even your Amazon account with your saved credit card details?
So…now that I’m a much more experienced programmer, what do I do differently? Well as a minimum I encrypt any passwords being entered into the database. For this I use the following PHP function:
sha1();
So to encrypt the password ‘mypassword’ we would apply the following before adding it to the database:
$password = sha1('mypassword');
This encryption is a one-way hash, so it is non-reversible and people who have access to the database wouldn’t be able to read the original password from it. There are methods out there to recover a password from its hash, but it certainly isn’t easy.
You could also go a step further and add a ‘Salt’ keyword to the password and also run it through sha1() twice, making it a double encryption and this should make it very very very very difficult to reverse. The method for this is as follows:
$salt = 'shake-it-up';
$password = sha1($salt . sha1($clean['password']) . $salt);
So adding the ‘Salt’ keyword means the hacker would not only have to guess that you have added that to the start and end of the password, but also that you have run it through sha1() twice. They would also have to guess the ‘Salt’ word used.
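An added example, not code from the original post: the salted double sha1() scheme above written as a function, next to PHP's built-in password_hash() and password_verify(), which generate a random salt for every password and use a deliberately slow algorithm. The function names legacy_hash and check_login and the sample passwords are assumptions made for illustration; check_login also shows how rows stored with the sha1() scheme can be upgraded the next time the user logs in.

```php
<?php
// Added example: function names and sample values are constructed for illustration.

// The scheme from the post: one site-wide salt, sha1() applied twice.
function legacy_hash(string $password): string
{
    $salt = 'shake-it-up';
    return sha1($salt . sha1($password) . $salt);
}

// Check a login against the stored value.
// Returns [bool $ok, ?string $newHash]; $newHash is non-null when the
// stored value should be replaced with a fresh password_hash() result.
function check_login(string $password, string $stored): array
{
    // Rows written by the sha1() scheme are exactly 40 hex characters.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals() compares the two strings in constant time.
        $ok = hash_equals($stored, legacy_hash($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $rehash ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Two users who pick the same password (constructed sample data).
// With a single site-wide salt both rows hold the same value, so anyone
// reading the table can see which accounts share a password.
$a = legacy_hash('mypassword');
$b = legacy_hash('mypassword');
var_dump($a === $b);

// password_hash() embeds a fresh random salt in each result, so the
// same password produces a different stored value every time.
$c = password_hash('mypassword', PASSWORD_DEFAULT);
$d = password_hash('mypassword', PASSWORD_DEFAULT);
var_dump($c === $d);

// A row from the sha1() scheme is accepted, and the replacement hash
// returned for storage verifies with password_verify().
[$ok, $new] = check_login('mypassword', $a);
var_dump($ok, password_verify('mypassword', $new));

// A wrong password is rejected and yields nothing to store.
[$ok, $new] = check_login('jimmy', $c);
var_dump($ok, $new);
```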


