The False Sense of Database Security

In many web sites, passwords are usually stored in a database. I think this is well known to anybody who ever created any web page with user accounts.

Storing passwords in plain text is considered harmful. The only reason that I find is that when someone gets the access to the database, or has the database backup, the passwords are just plain text, so everyone can read them.

Quite nice solution to this problem is hashing the passwords. The database stores no the plain text passwords, but the result of some hash function.

hashed_value = HASH_FUNCTION(password);

The hash function is a one way function, so you can use it for encrypting the password. Decryption is impossible, what’s more, you could probably find many different passwords that have the same hash value. The mostly used hash function is, unfortunately still, md5(). It returns 128 bit hash value. It means that there are only 2^128 possible values… what is a quite huge number: 340,282,366,920,938,463,463,374,607,431,768,211,456. The md5 algorithm contains some flaws and currently is not so secure.

Continue reading