Password Hashing: A Beginner's Guide

Hashing

Hashing is a process that helps ensure a password stays secure and cannot be recovered by hackers. Hashing algorithms are one-way functions: they take a password and convert it into a fingerprint that always has the same length. The hashed password cannot easily be decrypted. Basically, the process resembles encryption. So if a hacker breaches a system, he won't be able to get access to the password.

Many sites use this method to secure their users' passwords.

The procedure is as follows:

  • Initially, the user creates an account.
  • The password is then hashed and stored in the database.
  • When the user tries to log on to the website, the hash of the entered password is compared to the stored hash, and if they are the same, the user is logged on to the site normally. Otherwise, a generic message appears saying that the credentials are wrong, without specifying whether the error was in the username or the password, to make things difficult for prospective hackers.

Attacks to "break" hashes

Brute Force and Dictionary attacks

A brute force attack tries all possible character combinations of a specific length. This means that at some point the password will definitely be broken. However, this is not an easy process. Even very small passwords can take thousands of years (literally) to break through a brute force attack, since the hacker cannot know when he will hit the right combination of characters.

Dictionary attacks use a file containing common words, phrases or passwords that may have been used by someone as a password. Hackers have access to databases that hold the 100,000 (or more) top passwords. The attack hashes these passwords and compares each hash with the hash of the password it wants to crack. This is a faster method than a brute force attack.

However, there is another process, known as "salting", which prevents these attacks more effectively.

Salting

The reason why the above attacks can be used and are effective is that hashing is always done the same way. We can randomize the hashing by adding a random string, called a salt, to the password BEFORE hashing.

What to do and what not to do in the salting process:

First, what not to do:

  • We must not use the same salt for all passwords
  • We must not use a short salt
  • We must not use strange double hashes (e.g. hash(hash('mypass')))

What we have to do:

  • We have to create a random salt with the help of a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)
  • We need to create a new, unique random salt for each password
  • We have to use a long salt

The salting process is as follows:

  • First, we create a very large salt with the help of a CSPRNG
  • Next, we add the salt to the password and then hash the result
  • We store the salt and the hash in the database

Password check:

  • Take the salt and the hash from the database
  • Add the salt to the submitted password and hash the result
  • Compare the hashes. If they are the same, the password is correct
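
The salting and password-check steps above, as an added Python example (not code from the original article). It swaps the single hash pass for PBKDF2-HMAC-SHA256, a deliberately slow salted hash from the standard library; the 16-byte salt, the iteration count, the record layout and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16        # assumption: 128-bit salt
ITERATIONS = 600_000   # assumption: PBKDF2 work factor, tune to your hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Registration: fresh CSPRNG salt per password, then hash salt + password."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # The salt is not secret; it is stored next to the hash.
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Login: re-hash the submitted password with the stored salt and compare."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, record["iterations"]
    )
    # Constant-time comparison: timing does not reveal how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# Record used for unknown usernames so both failure paths do the same work.
_DUMMY = hash_password(secrets.token_hex(16))


def login(db: dict, username: str, password: str) -> str:
    """Same generic message whether the username or the password was wrong."""
    record = db.get(username, _DUMMY)
    password_ok = verify_password(password, record)
    if username not in db or not password_ok:
        return "Invalid username or password"
    return "OK"


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    db = {"alice": hash_password("letmein"), "bob": hash_password("letmein")}
    print(db["alice"]["hash"] != db["bob"]["hash"])   # unique salts, unique hashes
    print(login(db, "alice", "letmein"), "|", login(db, "mallory", "letmein"))
```

Because every record has its own salt, a dictionary of precomputed hashes has to be rebuilt for each user.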

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Absent Mia