The good news is that even hackers who have access to a database of account details can’t seethe actual passwords as plaintext. Any reputable web site won’t ever store your password. Instead,they use an algorithm to convert it into a unique,fixed-length block of data, known as ahash. For example, using one very popular
cryptographic algorithm–SHA256, which was developed by the US National Security Agency–the much-used password ‘P@ssw0rd’ generates a 64-character hash starting ‘B03DDF3C...’. This particular password will always create this unique hash,meaning a web site can compare it to the hash of the password you enter when you log in -if the two match, you’re allowed in. You can see how it works by generating SHA256 hashes on the Password Generator website (www.snipca.com/29194,see screenshot right). Notice that when you alter a single character, the hash changes completely.
Securing passwords with a pinch of salt Hashing lets websites store your passwords securely because it’s impossible to reverse-engineer them, but hacker scan still use any number of techniques to workout your password. How easy this is depends on how complex your password is and the methods used by the website to generate its hash. To make it harder for hackers to use To make it harder for hackers to use
rainbow tables to work out a password from its hash, most websites generate a series of random characters and add them to your password before creating the hash-a process known as ‘salting’. Using a saltof ‘aE92@3’ (mostare far more complex than this), our earlier password of ‘P@ssw0rd’ becomes ‘aE92@3P@ assw0rd’. Because this generates a completely different hash, it’s highly unlikely it will existinara in bow table and will there fore bemuchharderto crack. To increase security,the website will use a different salt for each user.
cryptographic algorithm–SHA256, which was developed by the US National Security Agency–the much-used password ‘P@ssw0rd’ generates a 64-character hash starting ‘B03DDF3C...’. This particular password will always create this unique hash,meaning a web site can compare it to the hash of the password you enter when you log in -if the two match, you’re allowed in. You can see how it works by generating SHA256 hashes on the Password Generator website (www.snipca.com/29194,see screenshot right). Notice that when you alter a single character, the hash changes completely.
Securing passwords with a pinch of salt Hashing lets websites store your passwords securely because it’s impossible to reverse-engineer them, but hacker scan still use any number of techniques to workout your password. How easy this is depends on how complex your password is and the methods used by the website to generate its hash. To make it harder for hackers to use To make it harder for hackers to use
rainbow tables to work out a password from its hash, most websites generate a series of random characters and add them to your password before creating the hash-a process known as ‘salting’. Using a saltof ‘aE92@3’ (mostare far more complex than this), our earlier password of ‘P@ssw0rd’ becomes ‘aE92@3P@ assw0rd’. Because this generates a completely different hash, it’s highly unlikely it will existinara in bow table and will there fore bemuchharderto crack. To increase security,the website will use a different salt for each user.
No comments:
Post a Comment