Using the information you gathered in handsOn Project 54 wri

Using the information you gathered in hands-On Project 5-4, write a one -page memo to the paralegal, Ms.D.K. Jones, explaining the process you used to find the e-mail and password data.

Solution

If you\'re a web developer, you\'ve probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users\' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it\'s done the way it is.

There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web. Password hashing is one of those things that\'s so simple, but yet so many people get wrong. With this page, I hope to explain not only the correct way to do it, but why it should be done that way.

IMPORTANT WARNING: If you are thinking of writing your own password hashing code, please don\'t!. It\'s too easy to screw up. No, that cryptography course you took in university doesn\'t make you exempt from this warning. This applies to everyone: DO NOT WRITE YOUR OWN CRYPTO! The problem of storing passwords has already been solved. Use either use either phpass, the PHP, C#, Java, and Ruby implementations in defuse/password-hashing, or libsodium.

If for some reason you missed that big red warning note, please go read it now. Really, this guide is not meant to walk you through the process of writing your own storage system, it\'s to explain the reasons why passwords should be stored a certain way.

You may use the following links to jump to the different sections of this page.