█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Application Security/OWASP A02: Cryptographic Failures and Password Hashing
50 minIntermediate

OWASP A02: Cryptographic Failures and Password Hashing

After this lesson, you will be able to: Recognize, find, and fix Cryptographic Failures (OWASP A02), and store passwords correctly with proper hashing (the security context for hash functions).

Cryptographic Failures (formerly 'Sensitive Data Exposure') is OWASP A02: data that should be protected is exposed because cryptography is missing, weak, or misused. The most common case is password storage, which is why this lesson is also the dedicated hash-functions security lesson: cryptographic hashes vs hash tables, why MD5 and SHA-1 are broken for security, salting and rainbow tables, and how to hash passwords correctly in code.

Prerequisites:Broken Access Control

What it is, and cryptographic hashing vs hash tables

A02 covers failures to protect sensitive data: transmitting it in cleartext (no TLS), storing it unencrypted, or using weak/old algorithms. The signature case is password storage. A cryptographic hash (SHA-256, bcrypt, Argon2) is a deliberately one-way function used for passwords and integrity, which is a different thing from the fast hash function inside a hash-table data structure (built for speed, not security). For passwords you must use a slow, salted password-hashing function, never a plain fast hash, and never reversible encryption.

ℹ️ Real-world breach

LinkedIn (2012) leaked about 6.5 million (later revealed as 167 million) password hashes that were unsalted SHA-1. Because SHA-1 is fast and unsalted, attackers cracked the vast majority within days using GPUs and precomputed rainbow tables. The lesson the industry took from it: a fast, unsalted hash is barely better than plaintext for passwords. Adobe's 2013 breach was worse, using reversible encryption (ECB) plus plaintext password hints.

Why MD5/SHA-1 are broken for passwords, plus salting and rainbow tables

MD5 and SHA-1 are fast (billions of guesses per second on a GPU) and have known collision weaknesses, so they are unfit for passwords or signatures. A rainbow table is a precomputed map of hash to plaintext; an unsalted hash can be reversed by lookup. A salt is a unique random value stored with each hash, so identical passwords get different hashes and precomputed tables are useless. Modern password functions (bcrypt, scrypt, Argon2) are deliberately slow (a tunable work factor) and salt automatically, making brute force expensive even after a database leak.

How to find it, and how to fix it (proper password hashing)

Look for fast/unsalted hashing or cleartext; fix with a real password-hashing function.

python
# FIND IT (red flags in code or a leaked DB):
# - passwords stored as md5(pw) or sha1(pw) or sha256(pw) with no salt
# - passwords stored encrypted (reversible) or in plaintext
# - sensitive data sent over http:// (no TLS)
# VULNERABLE
import hashlib
stored = hashlib.sha256(password.encode()).hexdigest() # fast + unsalted
# FIXED: argon2 (modern default) or bcrypt; slow + auto-salted
from argon2 import PasswordHasher
ph = PasswordHasher()
stored = ph.hash(password) # unique salt + tunable cost baked in
# verify:
try:
ph.verify(stored, attempt) # raises on mismatch
except Exception:
deny()
# Also: enforce TLS everywhere; encrypt sensitive data at rest with a
# managed key (KMS); never log secrets.
Quick Check

Why is salted bcrypt/Argon2 the right choice for passwords over SHA-256?

Pick the most complete answer.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←OWASP A01: Broken Access Control
Back to Application Security
OWASP A04: Insecure Design→