If we want to protect our data from unauthorized third parties, then we use encryption. But, we do not use encryption to store passwords of users in a database. In this article, we would discuss why encryption is not a good option while storing passwords in a database.
Encryption is a process using which plaintext is converted into ciphertext using a secret key. And, decryption is the reverse process. Using decryption, an encrypted ciphertext is converted back into the plaintext using the same or a different secret key.
A user provides his password on a website at the time of registration. The provided password is stored in a database in some form. Later, when the user logs in again, the password typed by the user at the time of login is matched against the stored password.
Now, if we encrypt a user’s password before storing it in a database, then we would need to decrypt the password every time the user logs in. When the user logs in, we would need to decrypt the stored password, and then match the password typed by the user at the time of login with the decrypted password.
Now, that is very risky. Firstly, if we encrypt passwords using a secret key, then we would need to ensure the security of the secret key. If the security of the secret key gets compromised for some reason, all the passwords stored in the database can be read by attackers.
Moreover, a server administrator never needs to know what the password of a specific user is. The main purpose of a password is authentication. So, if we can store passwords in some form so that unauthorized third parties cannot read them, but the server can verify whether a user is providing the same password at the time of login that he provided at the time of registration, then our purpose will be solved.
So, we do not use encryption while storing passwords in a database. Instead, we use a cryptographic hash function to store the passwords. A password is converted into a different form using a cryptographic hash function such that it is computationally infeasible to derive the actual password from the hashed password. But, if we use the same hash function again and again on the same password, we would always get the same hashed value.
So, how do we store passwords in a database then? When a user provides his password at the time of registration, the server uses a secure cryptographic hash function and generates a hash value. The hashed value is then stored in the database. When the user provides his password again at the time of login, the server generates the cryptographic hash value from the user-typed password in the same way. And, then the server compares the computed hash with the stored hash value. If they match, the authentication is successful.
We also use salts and peppers while storing hashed passwords. What are salts and peppers? We would discuss that in some other article.
I hope this helps. However, readers who want to know more about how various malware and cyberattacks work and how we can prevent them can refer to the book “A Guide To Cyber Security“.
0 Comments