tezvyn:

How should you store user passwords in a database?

Source: cheatsheetseries.owasp.org · beginner

Tests knowledge of slow salted hashing versus encryption. Strong answers pick Argon2id or bcrypt, require unique per-user salts, describe verification via re-hashing with constant-time comparison, and cite bcrypt or argon2-cffi.

Tests whether you understand that passwords must be stored with slow, salted, one-way hashing rather than encryption or fast digests. A complete answer recommends Argon2id or bcrypt with unique salts per user, explains verification by hashing the submitted password with the stored salt and comparing via constant-time equality, names a Python library like bcrypt or argon2-cffi, and notes that SHA-256 is unsuitable because it is too fast. Red flag: suggesting reversible encryption, unsalted hashes, or plaintext storage.

Read the original → cheatsheetseries.owasp.org


Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.
