Friday, February 24, 2023

Protecting Passwords: The Importance of Hashing and Salting




When it comes to computer security, one of the most important things you can do is to make sure that passwords are stored securely. One of the key ways to do this is by using a technique called hashing.

Hashing is a way to take a piece of data - in this case, a password - and run it through a mathematical algorithm to produce a fixed-size output that is unique to that input. This output is often referred to as a hash. Importantly, it's very difficult (if not impossible) to reverse engineer a hash to determine the original input. This means that if an attacker gains access to a database of password hashes, they won't be able to immediately determine the passwords themselves.

However, not all hashing algorithms are created equal. Some algorithms are more secure than others, and it's important to choose a strong one to protect your users' passwords. Some popular algorithms for password hashing include bcrypt, scrypt, and Argon2.

While hashing is a good first step for securing passwords, it's not enough on its own. If an attacker gains access to a database of password hashes, they can still use what's known as a "dictionary attack" or a "brute force attack" to try to guess the original passwords. To make this more difficult, it's important to add a technique called salting.

Salting involves adding a random string of characters to each password before it's hashed. This means that even if two users have the same password, their hashed passwords will look different in the database because they'll have different salts. This makes it much more difficult for attackers to use precomputed tables (known as "rainbow tables") to guess passwords.

In summary, hashing and salting are important techniques for securing passwords. Hashing allows you to store passwords in a way that is difficult to reverse engineer, while salting makes it more difficult for attackers to use precomputed tables to guess passwords. By combining these techniques, you can help keep your users' passwords secure.

0 comments:

Post a Comment

Please leave your comment here. Làm ơn ghi rõ nguồn khi lấy thông tin từ INFO TECH.

» Có thể sử dụng các tài khoản tại Blogger-Google, LiveJournal, WordPress, TypePad, AIM, OpenID, hoặc sử dụng Tên/URL-Website [có thể bỏ trống URL], hoặc Ẩn danh để đưa ra comemnt - nhận xét, nếu muốn.

» Đặc biệt - có thể đăng trực tiếp ảnh, mp3, video [của youtube] bằng cách copy - paste rõ ràng link trực tiếp của ảnh [.jpg, .gif, .png], mp3 [.mp3], video [từ youtube.com] vào comment form.

» Ngoài ra có thể bấm vào Preview bên dưới comment form để xem trước conment đã viết, trước khi post-đăng. Tương tự, bấm vào Subscribe by email để đăng ký theo dõi comments của bài này.

» Vui lòng đăng những nhận xét lịch sự và cố gắng gõ tiếng Việt có dấu, đúng chính tả nếu có thể. Rất vui vì những comment thiện ý, thanks!

Latest Posts

Label tag

Page copy protected against web site content infringement by Copyscape
 
About Me
Info Tech provies IT tips, Applications, Blogger, Blog, Adsense ... Use Firefox to open this site!