Password Encryption

Passwords may be stored on user workstations or servers. They must be transmitted, in some form, from the user's workstation to a server when the user first logs in, and possibly again later.

Not much can be done to enforce reasonable password encryption or hashing on existing server products. However, if you are responsible for developing a new server or application that manages its own passwords, store them using a well-known, purpose-built password hashing function (Argon2, scrypt, bcrypt or PBKDF2) with a unique random salt for every password and a work factor tuned so that each guess is expensive. General-purpose digests such as MD5 or SHA-1 are not suitable on their own: they are fast and unsalted, so two users with the same password get the same hash, and an attacker who obtains the hash table can test billions of candidate passwords per second against every account at once.
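The following Python example is added here to illustrate the point above; it is not code from the original document or from any product it describes. It contrasts an unsalted MD5 digest with salted PBKDF2-HMAC-SHA256 from the standard library (PBKDF2 is used because it needs no third-party package; Argon2 or scrypt would be the preferred choice where available). The iteration count, storage format (`algorithm$iterations$salt$digest`) and sample passwords are all assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample inputs for demonstration only (not from the original page).
SAMPLE_PASSWORD = "correct horse battery staple"
WRONG_PASSWORD = "Tr0ub4dor&3"

# Work factor: assumed value, in line with 2023-era public guidance for
# PBKDF2-HMAC-SHA256. Re-tune upward as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16


def weak_md5_hash(password: str) -> str:
    """The weak approach: a fast, unsalted digest.

    Every user with the same password gets the same value, so a stolen table
    can be attacked with precomputed dictionaries and at hardware speed.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """The hardened approach: per-password random salt plus a slow KDF.

    Returns a self-describing string so the algorithm and work factor can be
    upgraded later without invalidating stored records.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # base64 never contains "$", so it is a safe field separator here.
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored salt/iterations and compare.

    hmac.compare_digest avoids leaking how many leading bytes matched
    through timing differences.
    """
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed or truncated record: never accept it
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Same password hashed twice: MD5 output is identical, PBKDF2 output is not.
    print("md5 #1 :", weak_md5_hash(SAMPLE_PASSWORD))
    print("md5 #2 :", weak_md5_hash(SAMPLE_PASSWORD))
    record_a = hash_password(SAMPLE_PASSWORD)
    record_b = hash_password(SAMPLE_PASSWORD)
    print("pbkdf2 #1:", record_a)
    print("pbkdf2 #2:", record_b)
    print("verify correct password:", verify_password(SAMPLE_PASSWORD, record_a))
    print("verify wrong password  :", verify_password(WRONG_PASSWORD, record_a))
```

Running the block shows the two MD5 lines identical and the two PBKDF2 records different, while both records still verify the correct password and reject the wrong one. The `iterations` parameter exists so that the work factor can be raised over time; the stored record carries the value it was created with, so old records keep verifying.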

Passwords transmitted from a workstation to a server are similarly at the mercy of the protocol that server's vendor chose. Historically, mainframe, minicomputer and Unix servers accepted logins over protocols such as Telnet and rlogin that send the password in clear text by default, with strong encryption (for example SSH, or a TLS-protected session) available from most vendors as an add-on. If password security is important in your organization, and you cannot trust the physical security of every network segment between a user and the systems they log into, then you should seriously consider additional mechanisms to protect these login sessions, such as replacing clear-text protocols with encrypted ones or tunnelling them. An attacker on the path who can read the password can usually read the whole session that follows it.

Some workstations may "cache" passwords and automatically supply them to servers when users need access. Such password caches also require strong cryptographic protection (encrypted at rest under a key the user must unlock, not merely obfuscated), and where this cannot be guaranteed they are best avoided.

In some cases, the protocol provided by a vendor encrypts the password when it is used to log in to a system, but not when a password change is transmitted. This happens with Oracle SQL*Net, for example. In these cases, if password management software is deployed, that software should implement its own encryption of the password-change traffic, in addition to whatever the system vendor provides natively, so that the new password never crosses the network in clear text.