The most appropriate technique to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module is key stretching. Here's why:
Enhanced Security: Key stretching algorithms, such as PBKDF2, bcrypt, and scrypt, increase the computational effort required to derive the encryption key from the password, making brute-force attacks more difficult and time-consuming.
Compatibility: Key stretching can be implemented alongside existing cryptographic modules, enhancing their security without the need for a complete overhaul.
Industry Best Practices: Key stretching is a widely recommended practice for securely storing passwords, as it significantly improves resistance to password-cracking attacks.
[References:, CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl, NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management, OWASP Password Storage Cheat Sheet, , , , ]
Submit