US11714914B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11714914-B2 |
| Application number | US-202217679459-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 24, 2022 |
| Priority date | Nov 21, 2019 |
| Publication date | Aug 1, 2023 |
| Grant date | Aug 1, 2023 |
Abstract:
A device includes a memory and a processor. The processor is to execute the instruction to: receive, from a user device, a username of a user and a string; retrieve a first Message Authentication Code (MAC) and a salt from a database in response to receiving the username and the string; send the first MAC, the salt, and one or more parameters to a Hardware Security Module (HSM); receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters and the salt. In addition, the processor is to perform one of: authenticate the user when the message indicates that the first MAC matches the second MAC; or not authenticate the user when the message indicates that the first MAC does not match the second MAC.
Claims:
What is claimed is:

1. A device comprising: a processor configured to: generate a nonce; send, to a user device, the nonce and a public key; receive, from the user device, a username of a user and a string that includes a result of performing encryption, by the user device using the public key, of another string obtained by concatenating a plaintext password and the nonce; retrieve, by using the user name, a salt and a first Message Authentication Code (MAC) that a Hardware Security Module (HSM) previously generated using a secret key internal to the HSM; send the first MAC, the salt, and one or more parameters to the HSM; receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters, the salt, and the secret key internal to the HSM; and perform an authentication of the user based on the message.

2. The device of claim 1, wherein the device further comprises the HSM, and wherein when the HSM generates the second MAC, the HSM is configured to: apply the secret key to a result of concatenating the string and the salt.

3. The device of claim 1, wherein the processor is further to: send the salt, the nonce, and the string to the HSM, wherein the HSM is configured to generate the first MAC based on the salt, the nonce, and the string.

4. The device of claim 3, wherein when the HSM generates the first MAC, the HSM is configured to: apply a private key to the string to generate an output string comprising the plaintext password and the nonce; and use the output string to generate the first MAC.

5. The device of claim 1, wherein the encryption comprises the Rivest-Shamir-Adleman (RSA) encryption.

6. The device of claim 1, wherein the one or more parameters include the nonce and the string.

7. The device of claim 6, wherein the device further comprises the HSM, and wherein when the HSM generates the second MAC, the HSM is configured to: decrypt the string using the secret key to obtain a resultant string; remove a portion corresponding to the nonce from the resultant string to obtain the plaintext password; concatenate the plaintext password with the salt to obtain a salted password; and use the salted password and a secret key to generate the second MAC.

8. The device of claim 1, wherein the processor is further configured to: notify the user device whether the user is authenticated.

9. A method comprising: sending, to a user device, a nonce and a public key; receiving, from the user device, a username of a user and a string that includes a result of performing encryption, by the user device using the public key, of another string obtained by concatenating a plaintext password and the nonce; retrieving, by using the user name, a salt and a first Message Authentication Code (MAC) that a Hardware Security Module (HSM) previously generated using a secret key internal to the HSM; sending the first MAC, the salt, and one or more parameters to the HSM; receiving, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters, the salt, and the secret key internal to the HSM; and performing, by a device, an authentication of the user based on the message.

10. The method of claim 9, wherein the device comprises the HSM, and wherein when the HSM generates the second MAC, the HSM is configured to: apply the secret key to a result of concatenating the string and the salt.

11. The method of claim 9, further comprising: sending the salt, the nonce, and the string to the HSM; generating, by the HSM, the first MAC based on the salt, the nonce, and the string.

12. The method of claim 11, wherein generating the first MAC includes: applying a private key to the string to generate an output string comprising the plaintext password and the nonce; and using the output string to generate the first MAC.

13. The method of claim 9, wherein the encryption comprises the Rivest-Shamir-Adleman (RSA) encryption.

14. The method of claim 9, wherein the one or more parameters include the nonce and the string.

15. A non-transitory computer-readable medium, comprising computer-executable instructions, wherein when executed by a processor included in a device, the instructions cause the processor to: generate a nonce; send, to a user device, the nonce and a public key; receive, from the user device, a username of a user and a string that includes a result of performing encryption, by the user device using the public key, of another string obtained by concatenating a plaintext password and the nonce; retrieve, by using the user name, a salt and a first Message Authentication Code (MAC) that a Hardware Security Module (HSM) previously generated using a secret key internal to the HSM; send the first MAC, the salt, and one or more parameters to the HSM; receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters, the salt, and the secret key internal to the HSM; and perform an authentication of the user based on the message.

16. The non-transitory computer-readable medium of claim 15, wherein the one or more parameters include the nonce and the string.

17. The non-transitory computer-readable medium of claim 15, wherein the device comprises the HSM, and wherein when the HSM generates the second MAC, the HSM is configured to: apply the secret key to a result of concatenating the string and the salt.

18. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to: send the salt, the nonce, and the string to the HSM, wherein the HSM is configured to generate the first MAC based on the salt, the nonce, and the string.

19. The non-transitory computer-readable medium of claim 15, wherein the encryption comprises the Rivest-Shamir-Adleman (RSA) encryption.

20. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to: notify the user device whether the user is authenticated.
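The exchange the abstract and claims describe, written out as an added example with all three parties (user device, authentication server, HSM) in one script. This is illustration code, not the patent's own implementation or any vendor's product. Assumptions not fixed by the claims: a textbook, unpadded RSA stand-in with its own Miller-Rabin key generation in place of the HSM's real RSA (a deployment would use RSA-OAEP inside the module); HMAC-SHA256 as the MAC; 16-byte nonce and salt; and the HSM refusing any string whose embedded nonce is not the one the server just issued (the claims only say the nonce portion is removed). The names `HSM`, `AuthServer`, `user_device_string` and `run_demo` are invented here.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = SALT_LEN = 16   # byte lengths are assumptions; the claims fix none


def _is_probable_prime(n, rounds=32):   # Miller-Rabin; only ever fed large odd candidates
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=1024):
    # Toy textbook RSA standing in for the HSM's key pair (unpadded; real code uses RSA-OAEP).
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                       # e is prime, so gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)   # (public, private)


class HSM:
    # RSA private key and MAC secret never leave the module; it answers only match/no-match.
    def __init__(self):
        self.public_key, self._priv = rsa_keygen()
        self._secret_key = secrets.token_bytes(32)   # the "secret key internal to the HSM"

    def _recover_password(self, string, nonce):
        # Claim 7: decrypt, strip the nonce. Refusing any nonce but the one the server issued
        # is an added check; it is what makes a replayed string fail.
        d, n = self._priv
        plain = pow(string, d, n).to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
        if not hmac.compare_digest(plain[-NONCE_LEN:], nonce):
            return None
        return plain[:-NONCE_LEN]

    def _mac(self, password, salt):
        return hmac.new(self._secret_key, password + salt, hashlib.sha256).digest()

    def generate_mac(self, salt, nonce, string):   # enrollment (claims 3/4): the first MAC
        password = self._recover_password(string, nonce)
        if password is None:
            raise ValueError("nonce mismatch during enrollment")
        return self._mac(password, salt)

    def check_mac(self, first_mac, salt, nonce, string):   # verification (claims 1/7)
        password = self._recover_password(string, nonce)
        return password is not None and hmac.compare_digest(first_mac, self._mac(password, salt))


class AuthServer:
    # Keeps only (salt, first MAC) per user; it relays ciphertext and never sees the password.
    def __init__(self, hsm):
        self.hsm, self.db, self._pending = hsm, {}, {}   # _pending: one-shot nonces

    def challenge(self, username):
        self._pending[username] = nonce = secrets.token_bytes(NONCE_LEN)
        return nonce, self.hsm.public_key

    def enroll(self, username, string):
        nonce, salt = self._pending.pop(username), secrets.token_bytes(SALT_LEN)
        self.db[username] = (salt, self.hsm.generate_mac(salt, nonce, string))

    def authenticate(self, username, string):
        nonce, record = self._pending.pop(username, None), self.db.get(username)
        if nonce is None or record is None:          # unknown user or no live challenge
            return False
        return self.hsm.check_mac(record[1], record[0], nonce, string)


def user_device_string(pub, password, nonce):
    # Claim 1: the user device encrypts (password || nonce) under the HSM's public key.
    e, n = pub
    m = int.from_bytes(password + nonce, "big")
    assert m < n and password[:1] != b"\x00", "toy-RSA limits that OAEP would remove"
    return pow(m, e, n)


def run_demo():
    server, pw = AuthServer(HSM()), b"correct horse battery staple"
    nonce, pub = server.challenge("alice")
    server.enroll("alice", user_device_string(pub, pw, nonce))
    nonce, pub = server.challenge("alice")
    good = user_device_string(pub, pw, nonce)
    ok = server.authenticate("alice", good)
    nonce, pub = server.challenge("alice")
    wrong = server.authenticate("alice", user_device_string(pub, b"wrong password", nonce))
    server.challenge("alice")                    # fresh nonce outstanding: old string replayed
    return ok, wrong, server.authenticate("alice", good)
```

`run_demo()` returns `(True, False, False)`: the right password passes, a wrong one fails, and a captured ciphertext replayed against a fresh nonce fails because the HSM sees the stale nonce after decryption. The point of the split is visible in the data each party holds: the server's table contains only a salt and an HSM-keyed MAC, so a dump of it is not crackable offline without the module's secret key, and the plaintext password exists only inside the HSM between decryption and MAC computation. Two things a practitioner would still add: constant-time handling of the unknown-user path (the early `return False` above is a timing oracle for username enumeration) and a real padded RSA or a KEM in place of the textbook stand-in.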
CPC classification titles:

- ... to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823)
- using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
- involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC