{"id":18457976,"url":"https://github.com/alokkusingh/security-strategy","last_synced_at":"2026-02-12T11:44:49.635Z","repository":{"id":95088501,"uuid":"406607038","full_name":"alokkusingh/security-strategy","owner":"alokkusingh","description":"Security Strategy","archived":false,"fork":false,"pushed_at":"2021-09-15T05:32:53.000Z","size":3,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-23T16:23:03.557Z","etag":null,"topics":["login","password-storage","web-security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alokkusingh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-15T03:58:15.000Z","updated_at":"2024-02-18T08:33:56.000Z","dependencies_parsed_at":"2023-03-05T07:00:13.591Z","dependency_job_id":null,"html_url":"https://github.com/alokkusingh/security-strategy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alokkusingh/security-strategy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alokkusingh%2Fsecurity-strategy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alokkusingh%2Fsecurity-strategy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alokkusingh%2Fsecurity-strategy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alokkusingh%2Fsecurity-strategy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alokkusingh","download_url":"https://codeload.github.com/alokkusingh/security-strategy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alokkusingh%2Fsecurity-strategy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272858542,"owners_count":25005092,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["login","password-storage","web-security"],"created_at":"2024-11-06T08:16:17.221Z","updated_at":"2026-02-12T11:44:44.615Z","avatar_url":"https://github.com/alokkusingh.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# security-strategy\nSecurity Strategy\n\n## Login Password Storage Strategy\n### 1. Plain Password In DB\n#### Mechnisam\n##### Registration\nStore the password in plain text form.\n##### Login\nCompare the user input passwrd with stored passowrd.\n#### Pros\n1. Very simple implmentaion.\n2. Passowrd retrival is possible.\n#### Cons\n1. Very bad strategy - if Db is hacked or opeartion engineer can see password.\n\n### 2. Digested Password In DB\n#### Mechnisam\n##### Registration\nHash the user password and store in DB - preferably SHA256 hashing.\n#### Pros\n1. Better than the plain text one.\n#### Cons\n1. If 2 passwords are same, the hash code will be same. So, easy to guess the common password strings.\n2. Passowrd retrival is not possoble. Only password reset can be done.\n\n### 3. Digested Password along with Salt In DB\n#### Mechnisam\n##### Registration\nHash the user password by adding random salt and store in DB along with random salt - preferably SHA256 hashing.\n##### Login\nHash the user input password by adding stored salt and compare with stored hashed password.\n#### Pros\n1. Hashed password will be diffrent even the two passwords are same. So, hard to break.\n#### Cons\n1. Additional salt storage is needed.\n2. Passowrd retrival is not possoble. Only password reset can be done.\n\n### 4. Digested Password using BCrypt In DB\n#### Mechnisam\n##### Registration\nHash the user password using BCrypt and store in DB. BCrypt adds the salt and then hashes the password. The salt is added to the hashed password. No additional salt storage needed.\n##### Login\nUse BCrypt to compare the userinput and hased stired password.\n#### Pros\n1. Hashed password will be diffrent even the two passwords are same. So, hard to break.\n2. No need to store salt in additional column.\n#### Cons\n2. Password retrival is not possoble. Only password reset can be done.\n\n### 5. No Password Storage in DB\n#### Mechnisam\n##### Registration\nUse AES (Symetric Encryption Mechnisam) to encrypt the userid, use password as encryption key. Store the encrypted userid, no need to store the password.\n##### Login\nUse AES to decrypt the userid, use password as decryption key and compare.\n#### Pros\n1. No need to store the password.\n#### Cons\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falokkusingh%2Fsecurity-strategy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falokkusingh%2Fsecurity-strategy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falokkusingh%2Fsecurity-strategy/lists"}