Public/system-design-101
1
0
Fork 0
mirror of https://github.com/ByteByteGoHq/system-design-101.git synced 2026-04-11 12:27:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
system-design-101/data/guides/how-to-store-passwords-in-the-database.md
Kamran Ahmed ee4b7305a2 Adds ByteByteGo guides and links (#106) 
This PR adds all the guides from [Visual
Guides](https://bytebytego.com/guides/) section on bytebytego to the
repository with proper links.

- [x] Markdown files for guides and categories are placed inside
`data/guides` and `data/categories`
- [x] Guide links in readme are auto-generated using
`scripts/readme.ts`. Everytime you run the script `npm run
update-readme`, it reads the categories and guides from the above
mentioned folders, generate production links for guides and categories
and populate the table of content in the readme. This ensures that any
future guides and categories will automatically get added to the readme.
- [x] Sorting inside the readme matches the actual category and guides
sorting on production
2025-03-31 22:16:44 -07:00

1.6 KiB
Raw Permalink Blame History

title, description, image, createdAt, draft, categories, tags
title description image createdAt draft categories tags
Storing Passwords Safely: A Comprehensive Guide Learn how to securely store and validate passwords in your database. https://assets.bytebytego.com/diagrams/0321-salt.png 2024-02-12 false
security
password security
data protection

Things NOT to do

  • Storing passwords in plain text is not a good idea because anyone with internal access can see them.

  • Storing password hashes directly is not sufficient because it is prone to precomputation attacks, such as rainbow tables.

  • To mitigate precomputation attacks, we salt the passwords.

What is salt?

According to OWASP guidelines, “a salt is a unique, randomly generated string that is added to each password as part of the hashing process”.

How to store a password and salt?

  1. A salt is not meant to be secret and it can be stored in plain text in the database. It is used to ensure the hash result is unique to each password.

  2. The password can be stored in the database using the following format: 𝘩𝘢𝘴𝘩( 𝘱𝘢𝘴𝘴𝘸𝘰𝘳𝘥 + 𝘴𝘢𝘭𝘵).

How to validate a password?

To validate a password, it can go through the following process:

  1. A client enters the password.

  2. The system fetches the corresponding salt from the database.

  3. The system appends the salt to the password and hashes it. Lets call the hashed value H1.

  4. The system compares H1 and H2, where H2 is the hash stored in the database. If they are the same, the password is valid.

Reference in New Issue View Git Blame Copy Permalink