New Feature: Salted Passwords

Based on a suggestion by Ryan Govostes, I have implemented salted passwords. If the database is compromised by some sort of attack — SQL injection, or otherwise — the attacker will be unable to use a pre-made collision table.

Now, there is an application salt in addition to a per-user salt. The idea behind the application-wide salt is that if the database is compromised but the application data is not, it will be extremely difficult, if not impossible to generate collisions against the hashed passwords. The per-user salt is stored in the database and increases the complexity of collision-generation while not significantly affecting application performance.

2009: 11/07
POSTED BY: Ryan
CATEGORY: New Features
Security
TAGS: 113
feature
hash
password
Revision 113
salt
Security
Write comment

No comments yet.

TrackBack URL

No trackbacks yet.

You must be logged in to post a comment.

About

The Digital Phoenix Learning Management System is a web-application for instructors to use as a tool for organizing their coursework and student submitted materials.

RSS FEED

Recent entry

2009-12-07
Student Grades – Percentages and Overall
2009-12-07
Class Assignment Averages
2009-12-05
IE8 Compatibility
2009-11-15
Security: Application-Wide Access Control
2009-11-15
Bugfix: Course Content & Uploads

Next Generation Open Source LMS