I love hash, especially corned beef hash, with a little salt. Maybe a couple of poached or over-easy eggs perched on top.

Wait! This is not a foodie blog! That’s not what I am writing about today. As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.

If your password has been extracted from a web server breach somewhere, you may already be aware that many websites store passwords in a way that makes them easy to crack. (And who hasn’t lost a password or two? Check to find out.) If you are operating a website and collecting your website’s user credentials, the responsibility to adequately secure your users’ information is yours. And if you think your site is too small to interest cyber-criminals, you would be wrong.

There are several ways to protect passwords. Which one is your website using? Don’t know? I may have some answers for you down the page a bit, so stick with me.

Unencrypted or plaintext password stores can still be found occasionally. This is the worst way possible to store a password.

Encrypted passwords sound like a great idea until you realize that if you lose the encryption key, the entire encrypted database can be deciphered.

Hashing the password is a one-way form of encryption that cannot be reversed, even with knowledge of the encryption key. This is the way that most passwords are stored in web servers and online databases, and even in network operating systems such as Microsoft Active Directory. The problem is that some sites use old methods of hashing such as MD5 or SHA-1. These older hashing algorithms use keys that are too short.

Salt is also called a “nonce,” or a number used once. If I add a random number to the password and then hash it, it makes it much more difficult to crack the password, even using brute-force automated methods. It also prevents two users who are coincidentally using the same password from getting the same hash result.

Stretching increases the complexity of the hash by hashing the password multiple times. These are called “iterations.” So if I take the password, hash it, add some salt, and hash it again, many times, maybe thousands of times, my hashed password result would be nearly impossible to solve, as the password cracker would have to know what hashing algorithm was used, what the salts were, and how many iterations were run. Or we could say they are pretty much out of luck.

A popular hashing method that does all these things is called bcrypt.
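To make the salt-and-stretch recipe concrete, here is an added example that is not part of the original post: it uses PBKDF2-HMAC-SHA256 from Python’s standard library as a stand-in for bcrypt (an assumption, since bcrypt is not in the standard library), draws a fresh random salt per user, runs the hash through many iterations, and stores everything a login check needs in one self-describing record. The unsalted MD5 helper, the iteration count and the sample password are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this example (assumption: PBKDF2-HMAC-SHA256
# from the standard library stands in for bcrypt; count kept low for speed).
ALGO = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16

def unsalted_md5(password: str) -> str:
    """The old way the post warns about: no salt and no stretching, so two
    users with the same password get the same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt + stretch. Returns 'algo$iterations$salt$hash' so the verifier
    knows which algorithm, salt and iteration count were used."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{ALGO}${iterations}${b64(salt)}${b64(digest)}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so response timing does not leak how much matched."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return False
    salt, expected = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(parts[1]))
    return hmac.compare_digest(candidate, expected)

def needs_rehash(record: str, minimum: int = ITERATIONS) -> bool:
    """True when a stored record is below the current iteration policy
    (or uses another algorithm): re-hash it at the next successful login."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != ALGO or int(parts[1]) < minimum

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("MD5 identical for two users:", unsalted_md5(pw) == unsalted_md5(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted records differ:", a != b, "| login ok:", verify_password(pw, a))
```

Because each record carries its own iteration count, the work factor can be raised later without resetting anyone’s password.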