
Building Scalable Apps with Redis and Node.js by Joshua Johanan


Password-storing theory

We did not spend any time on why we chose PBKDF2 as our password-storing function. We will step through different levels of password security and talk about why we did not choose these methods.

First up is clear text passwords. I think it is clear why this is a bad security practice. If attackers ever get your database, they have every user's username and password without doing any work. Most users reuse passwords, so this could give the attackers access to many people's Facebook, Gmail, and even bank accounts. Never do this, especially when doing it correctly is very easy.

The next step up in storing passwords is using a hash function. A couple of popular functions are MD5 and SHA-256. These functions will ...
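
As an added example (not code from the book), the sketch below contrasts an unsalted SHA-256 digest with a salted PBKDF2 record, using Node's built-in `crypto` module. The iteration count, key length, record format and function names are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumed parameters for this example; tune ITERATIONS to your hardware.
const ITERATIONS = 100000;
const KEY_LEN = 32;
const DIGEST = 'sha256';

// Plain fast hash: no salt, so equal passwords give equal stored values.
function sha256Hex(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// PBKDF2 with a fresh random salt per user. The record carries every
// parameter needed to verify later, so the iteration count can be raised.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST);
  return ['pbkdf2', DIGEST, ITERATIONS,
          salt.toString('hex'), key.toString('hex')].join('$');
}

// Recompute the key from the stored salt and parameters, then compare.
function verifyPassword(password, record) {
  const parts = record.split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
  const [, digest, iterStr, saltHex, keyHex] = parts;
  const iterations = Number.parseInt(iterStr, 10);
  if (!Number.isInteger(iterations) || iterations < 1) return false;
  const expected = Buffer.from(keyHex, 'hex');
  if (expected.length === 0) return false;
  let actual;
  try {
    actual = crypto.pbkdf2Sync(password, Buffer.from(saltHex, 'hex'),
                               iterations, expected.length, digest);
  } catch (err) {
    return false; // unknown digest name or bad parameters in the record
  }
  // Constant-time comparison; lengths are equal by construction.
  return crypto.timingSafeEqual(actual, expected);
}
```

Two users with the same password get identical `sha256Hex` values but different `hashPassword` records, and each guess against a PBKDF2 record costs the full iteration count.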
