Chapter 2. Password Encryption, Hashing, and Salting
In the first chapter you learned about the underlying concepts of password security, and the current state of the industry and standards that are employed. Let’s start putting some of that into practice as we explore the practical application of password encryption and security. To start this implementer’s approach, let’s first look at the ways that data can be transmitted and stored.
Data at Rest Versus Data in Motion
As we start to explore the concepts of data security, there are two important concepts that we should address: data in motion versus data at rest.
When we talk about data at rest, we mean the inactive (or resting) digital data that is being stored on your servers, such as the databases that you are using to store passwords, profile information, or any other details needed within your application.
When we discuss the concept of data in motion, we’re talking about any data that is in transit, being sent back and forth from an application to a database, or communication back and forth between websites and APIs or external data sources.
Data at Rest
If you’re talking about credit card environments, where you’ve got a requirement to encrypt the credit card information at rest, I think the most common method people use there is enabling encryption within the database. That’s typically about as good as it gets in terms of host-based encryption.1
Chris Gatford, Hacklabs
Web and application developers ...
Get Identity and Data Security for Web Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.