Adobe’s October 2013 data breach was not only one of the largest breaches ever, it could have been prevented if the company had stored the user passwords correctly. They didn’t and to their great embarrassment, 150,000,000 records were exposed.
…here is our minimum recommendation for safe storage of your users’ passwords:
- Use a strong random number generator to create a salt of 16 bytes or longer.
- Feed the salt and the password into the PBKDF2 algorithm.
- Use HMAC-SHA-256 as the core hash inside PBKDF2.
- Perform 10,000 iterations or more. (November 2013.)
- Take 32 bytes (256 bits) of output from PBKDF2 as the final password hash.
- Store the iteration count, the salt and the final hash in your password database.
- Increase your iteration count regularly to keep up with faster cracking tools.
Whatever you do, don’t try to knit your own password storage algorithm.
It didn’t end well for Adobe, and it is unlikely to end well for you.
This also got me to thinking about password length and complexity again, so stay tuned for my latest cogitations on that matter.