How I store your password, what password you should choose and what happens when you forget your password

In this article I go into detail on how I store passwords for ListX users.

You can probably imagine, that it's a bad idea to store passwords in plain text (as you type it when logging in). If a database containing plain-text passwords is compromised (when an unauthorized person gains access to it), all user accounts are in immediate danger.
For this reason, as early as 1976, the industry standardized on storing passwords using secure, one-way hashing mechanisms (starting with Unix Crypt). Unfortunately, while this prevents the direct reading of passwords in case of a compromise, all hashing mechanisms necessarily allow attackers to brute force the hash offline, by going through lists of possible passwords, hashing them, and comparing the result. In this context, secure hashing functions like SHA have a critical flaw for password hashing: they are designed to be fast. A modern commodity CPU can generate millions of SHA256 hashes per second. When using a well-specced graphics card, you can calculate hashes at rates of billions per second.
For all my projects I always look at the current situation to make sure, that I correctly store my users' passwords. What I currently use with ListX is a combination of SHA512 on the client-side and bcrypt on the server-side.
First, the plain-text password is transformed into a hash value using SHA512. This addresses two particular issues with bcrypt. Some implementations of bcrypt truncate the input to 72 bytes, which reduces the entropy of the passwords. Other implementations don’t truncate the input and are therefore vulnerable to DoS attacks because they allow the input of arbitrarily long passwords. By applying SHA, I can quickly convert really long passwords into a fixed length 512 bit value, solving both problems.

Next, this SHA512 hash is hashed again using bcrypt with a cost of 10, and a unique, per-user salt. Unlike cryptographic hash functions like SHA, bcrypt is designed to be slow and hard to speed up via custom hardware and GPUs. A work factor of 10 translates into roughly 100ms for all these steps on my servers.

Why not use scrypt or argon2 over bcrypt?

I considered using scrypt, but I had a lot more experience using bcrypt. The debate over which algorithm is better is still open, and most security experts agree that scrypt and bcrypt provide similar protections.
I'm considering argon2 for the next security upgrade, as it is the current winner of the Password Hashing Competition.
Additionally, while I believe argon2 is a fantastic password hashing function, I like that bcrypt has been around for 18 years without any significant vulnerabilities found.

What password should you choose?

I let Randall Munroe (alias XKCD) explain this.
XKCD: Password Strength The problem with current passwords and password restrictions on most sites is, that they are rather easy for a hacker to bruteforce and rather hard for humans to remember.
If you want an easy way to find secure passwords, without using a password generator just built a sentence that makes sense only to you (but don't use correct horse battery staple, it's not safe anymore), comprised of less-common words.
I don't restrict passwords at all. This is, so you can fluidly adapt to current procedures and always have the most secure password.

What happens when you forget your password?

It happens to the best of us. One morning you wake up, get ready to go shopping and as you try to access your ListX shopping list you realize it: You forgot your password.
Now, that's not the end of the world. I don't know what your password is, so don't start tweeting @ me for your passwords.

For me it's really easy to rely on others making good decisions. One of them is, how your email-provider is securing your inbox. If you forget your password with ListX, you'll get a token mailed to you which you can use to set a new password. Sounds easy, right? It is! All you need to do is click the link in the email and enter a new password. This can also be your old password, should it have come to your mind again (in that case you don't even need to change your password, you can simply continue using your old one). After setting your new password, just make sure to delete the email with the link. Doesn't matter whether you used it or not, just make sure that no one will ever be able to find that link (unless privacy doesn't matter to you)

With this information you should be good to go. Sign Up for ListX now!

Luca Kiebel

MEAN-Stack Developer (and PHP if I *have* to); Student 👨🏼‍💻🎓

Münster, Germany

Subscribe to Luca Kiebel

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!