Insecure Password Storage

Severity: Medium to Critical

return home


Passwords for user accounts should use a one-way hash algorithm meeting the following goals:

Without all three of these goals being met, passwords are vulnerable to attack. One should not use digest functions such as MD5 and the SHA family for hashing passwords – they are fast and can be cracked easily using tools such as hashcat.

Security Impact

Attackers with access to user password hashes may be able to determine the passwords in use. This can lead not only to compromise of user accounts on this system, but anywhere else the user may have used the same password.


The use of a secure password storage algorithm (key derivation algorithm) such as bcrypt, PKDF2, and Argon2, for instance, are optimal remediations for this issue, because they are slow and therefore require more computational power to crack than a fast digest algorithm (e.g. MD5). Please keep in mind that it is recommended to set a high number of rounds for PKDF2.

Another benefit of using the key derivation functions such as bcrypt is the fact that they have a built in salt. The salt is randomly generated for each password and then included in the hashing process. For example, in bcrypt you can see the salt in the digest:



return home | suggest changes