Given a raw password
- create a unique salt
- append it to the raw password
- bcrypt / SHA512 this combination using a disposable secret key that changes over time
- store the encrypted password and salt in the user table
To verify identity
- append the salt to the raw password
- bcrypt / SHA512 the combination
- check the hash against the hashed value in the db
In the verify part, what if the current secret key is no longer the same?
Should I always keep a list of old keys and iterate through them to verify that the old password was generated with one of the old keys? If the verifier returns true, I will update the new encrypted password.
Also, how can I be sure the salt is unique per-password-per-user?
Is this all I need to do?
Anything missing? Thanks.
Making sure the salt is unique is easy – you could just hash together the username and the time when the password was last changed.
As for encryption, that's only necessary if for some reason you want to store the user's password, not only be able to verify it. It's more common and more secure to only store a hash of the password and salt. No secret key is necessary and even if an attacker compromises the database, they will have trouble recovering passwords. The only downside is that you can't tell users their passwords, you can only reset them.
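A worked version of the salted-hash procedure from the question and the hash-only storage the answer recommends, as an added example that is not code from either poster. It uses PBKDF2-HMAC-SHA512 from Python's standard library in place of bcrypt so it runs offline, draws a 16-byte random salt from os.urandom so uniqueness per user and per password change does not depend on the username or a timestamp, compares digests in constant time, and answers the key-rotation question by storing the pepper's key ID alongside each record, so verification looks up the one key the record was made with instead of trying every old key. The PEPPERS ring, the key IDs, the iteration count and all function and field names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed pepper ring for this example. In production the secrets live in
# an environment variable or KMS, never in the user table; only the key ID is
# stored with each record. Retire a key by deleting it from this ring.
PEPPERS = {
    "k1": b"retired-server-secret-constructed-for-example",
    "k2": b"current-server-secret-constructed-for-example",
}
CURRENT_PEPPER_ID = "k2"   # new hashes always use this key
ITERATIONS = 100_000       # assumed work factor; tune to your hardware
SALT_BYTES = 16            # 128 random bits: collisions are not a concern


def _derive(password: str, salt: bytes, iterations: int, pepper_id: str) -> bytes:
    """Salted, stretched hash of the password, then keyed with the server pepper."""
    stretched = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    # The pepper is applied on top as an HMAC key so a leaked table alone is not
    # enough to run an offline guessing attack.
    return hmac.new(PEPPERS[pepper_id], stretched, hashlib.sha512).digest()


def hash_password(password: str, pepper_id: str = CURRENT_PEPPER_ID) -> dict:
    """Build the record to store in the user table: salt, hash, and the parameters
    needed to recompute it later (key ID and iteration count)."""
    salt = os.urandom(SALT_BYTES)          # fresh per call, so unique per user and per change
    digest = _derive(password, salt, ITERATIONS, pepper_id)
    return {
        "salt": salt.hex(),
        "hash": digest.hex(),
        "pepper_id": pepper_id,
        "iterations": ITERATIONS,
    }


def verify_password(password: str, record: dict) -> Tuple[bool, Optional[dict]]:
    """Return (ok, replacement). replacement is a fresh record when the login
    succeeded but the stored hash used a retired key or an old work factor, so
    the caller can write it back (re-hash on successful login)."""
    pepper_id = record["pepper_id"]
    if pepper_id not in PEPPERS:
        # The key was removed from the ring entirely: nothing can verify this
        # hash any more, so the only path is a password reset.
        return False, None
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    candidate = _derive(password, salt, record["iterations"], pepper_id)
    if not hmac.compare_digest(candidate, expected):   # constant-time comparison
        return False, None
    if pepper_id != CURRENT_PEPPER_ID or record["iterations"] != ITERATIONS:
        return True, hash_password(password)           # migrate to the current key
    return True, None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record)[0])  # True
    print(verify_password("wrong guess", record)[0])                   # False
```

Because the key ID travels with the record, rotating the pepper is just adding a new entry to the ring and changing CURRENT_PEPPER_ID; every successful login then migrates that user's hash, and once no records reference the old ID it can be deleted. Users who never log in during the rotation window keep a hash under the retired key, which is why the lookup failure is treated as "needs reset" rather than silently trying other keys.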