# Password Hashing
To protect passwords against offline attacks, they must be hashed before storage. If the stored data is stolen, the damage is then limited, because the attacker obtains hashes rather than the passwords themselves.
OWASP Top 10 category: A07:2021 (Identification and Authentication Failures)
# Background
# Context
If a web application is successfully attacked and user data is leaked, attackers cannot directly use the stolen usernames and passwords, since a password cannot be recovered from its hash. In addition, salting should be used to protect the passwords from being recovered with rainbow tables. The salt, a randomly generated string, is combined with the password and hashed together with it. As a result, identical passwords do not produce the same hash.
The hash function takes the password to be hashed, the salt and a work factor (the number of hashing rounds). Recommendations for choosing the hash function, the salt length and the length of the secret are listed below:
Recommended password hashing algorithms:
- BSI: Argon2id
- NIST: PBKDF2
- OWASP: Argon2id (preferred), otherwise bcrypt
Configuration of Argon2id based on OWASP (BSI does not define a concrete configuration):
- Memory size = 15 MiB
- Iterations = 1
- Degree of parallelism = 1
# Problems
- Incorrectly implemented hashing
- Complicated configuration of algorithms
DANGER
Never do it yourself!
# Solutions
- Usage of libraries that offer secure default configuration
- If possible: Use other tools that handle password storage
# Technology
Configuration examples exist for both Node.js and Spring Boot.
# Node.js
The library argon2 is recommended. To follow OWASP's recommendations, however, it has to be configured as follows:

```javascript
const argon2 = require('argon2');

// Argon2id with OWASP's parameters; memoryCost is given in KiB (15360 KiB = 15 MiB).
// argon2.hash returns a Promise resolving to an encoded string that includes
// the salt and parameters, so no separate salt handling is needed.
async function hashPassword(password) {
  return argon2.hash(password, {
    type: argon2.argon2id,
    timeCost: 2,       // iterations
    memoryCost: 15360, // KiB
    parallelism: 1
  });
}
```
# Spring Boot
In Spring Boot, the PasswordEncoder interface can be used. It offers a high level of security by default and fully implements OWASP's recommendations.