I am writing a web framework and I am looking for a good way to Hash passwords. I have used BCrypt and know the advantages of a Salted password using a hashing algorithm with a work factor but I have a concern.
I have worked in a few companies and there seems to be a huge turnover rate with developers. Every place I have worked, I have had to have access to the Hash key. It seems to me if 100's of developers have access to the key, there is a huge potential security hole. I was trying to find a good place to hide it so that only senior management would have access but Devs could still load the projects and develop on their local machines.
One Idea I had was to create an API on the production machine so that everything had to authenticate though it meaning Devs could load the project and it would just call the service. This just seemed like a messy way to do it.
Another idea I had would be to use the PWDCOMPARE and PWDENCRYPT in SQL. This seems like a great solution and it is easy to implement. What I have not been able to find is information on things like upgrading the database or replication. If I use this method, what are the pitfalls?
I have looked in to Config encryption too to hide the key but it seems the dev would still have to have access to the key to encrypt it to the local machine.
Any suggestions would be greatly appreciated.