Securing Login Credentials - SALT Tutorial (slide deck by ProdigyView, 12 slides)
Creating A Secure Login




       www.prodigyview.com
Storing A User’s Password

The standard way to control access to a site is a password tied
to a username or email address. (The slide's screenshot, not
reproduced here, showed the password column stored in plain text.)

     BAD PRACTICE !!!!

Storing Passwords in Plain Text

On the previous slide, the password was stored in plain text.
THIS IS VERY BAD PRACTICE!

1. If the database is hacked or a backup is stolen, every user's
   account is exposed at once, and because people reuse passwords,
   their accounts on other sites are exposed as well.

2. The password is readable by anyone inside the organization who
   has database access (administrators, support staff, developers
   with a copy of production data).
MD5 Hashing

One answer to the problem is to hash the password. A hash function
is one-way: it turns the password into a fixed-size digest that
cannot be turned back into the password. Before the password is
inserted in the database, hash it with md5() and store the digest;
at login, hash what the user typed and compare the two digests.
Problem with MD5 Hash

MD5 hashing looks like a fix, but it has a serious problem: the
same password always produces the same hash, and MD5 is fast, so
people have precomputed the hashes of millions of common passwords
and put the tables online. Just Google the hashed code and see for
yourself.

Dictionary List and Attacks

A dictionary list (a lookup table) is a library of hashed values
and their corresponding unhashed strings.

In other words, it does not decode the hash; it looks the hash up.
Any password that appears in the attacker's wordlist is recovered
instantly, and every user who chose that password has the same
hash, so they all fall together.

The same kind of list can be built for any other unsalted hash
function, such as sha1().

               How do we get around this?

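The lookup attack described on this slide, as an added example (this is not ProdigyView's code). The wordlist and the "leaked" database rows are constructed for the demonstration; buildLookupTable() and lookupHash() are this example's own names.

```php
<?php
// Added example (not ProdigyView's code): how a dictionary list
// recovers unsalted md5()/sha1() hashes by lookup, and why it stops
// working once a salt is mixed in. Wordlist and "leaked" rows are
// constructed for the demonstration.

/** Build a lookup table, hash => plaintext, for one hash algorithm. */
function buildLookupTable(array $wordlist, string $algo): array
{
    $table = [];
    foreach ($wordlist as $word) {
        $table[hash($algo, $word)] = $word;
    }
    return $table;
}

/** Try to recover the plaintext behind a leaked hash; null if absent. */
function lookupHash(array $table, string $leakedHash): ?string
{
    return $table[$leakedHash] ?? null;
}

// A tiny stand-in for the multi-million-entry wordlists attackers use.
$wordlist = ['123456', 'password', 'qwerty', 'letmein', 'dragon'];

// Rows as they would come out of a stolen table that stored md5($password).
$leakedMd5 = [
    'alice' => md5('letmein'),
    'bob'   => md5('letmein'),      // same password, so identical hash
    'carol' => md5('Tr0ub4dor&3'),  // not in the wordlist
];

$md5Table = buildLookupTable($wordlist, 'md5');
foreach ($leakedMd5 as $user => $hash) {
    $plain = lookupHash($md5Table, $hash);
    printf("md5  %-5s %s -> %s\n", $user, $hash, $plain ?? '(not in list)');
}

// The attack is not specific to MD5: the same table can be built for sha1.
$sha1Table = buildLookupTable($wordlist, 'sha1');
printf("sha1 alice %s -> %s\n", sha1('letmein'),
       lookupHash($sha1Table, sha1('letmein')) ?? '(not in list)');

// With a salt mixed in before hashing, the leaked value is no longer
// in any table built from bare passwords.
$salt   = 'prodigy';
$salted = md5($salt . 'letmein');
printf("salted md5 alice %s -> %s\n", $salted,
       lookupHash($md5Table, $salted) ?? '(not in list)');
```

Run it with the PHP CLI (`php lookup.php`). Alice and Bob are recovered from the same table entry, Carol's unusual password is not, and the salted hash of Alice's password misses the table entirely, which is the point the next slides make.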
SALT!

A salt is an extra string that is combined with the password before
it is hashed (this is hashing, not encryption: nothing is ever
decrypted). Because the hash now depends on the salt as well as the
password, a table precomputed from bare passwords no longer matches
anything.
Google the SALTed Hash

A Google search for the salted hash comes back with no useful
results. This is what we want.

A Small Problem with SALT

We are about to make things a little more complex. A single
site-wide salt makes a dictionary list HARD to build but NOT
IMPOSSIBLE: the salt lives in the application code or the database,
so an attacker who steals the database usually has it too, and can
build a fresh list with it for that site, one that again cracks
every user with a common password at once.

The way around this problem is to give each user a unique salt, so
that a list built for one user is useless against every other. Our
next slide is one of many ways of making a unique salt for extra
security.

Use Two IDs

A user logs in with their email and password. For our salt to work,
let's add in a third login field: make each user have their own
unique PIN number that is required to log in, and use the PIN as
the salt for that user's hash.

Caveat: a PIN is short, so an attacker holding the database can try
every possible PIN against a wordlist, and a user who forgets the
PIN cannot log in at all. A salt does not need to be secret; the
usual approach is a long random salt that the server generates and
stores next to the hash.
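A per-user salt done with a server-generated random value, as an added example (not ProdigyView's code), in place of the user-typed PIN on this slide. It keeps the deck's hash-the-password approach (sha256 through hash()); the "salt$hash" storage format, the in-memory $users array standing in for the users table, and the function names are assumptions of this example.

```php
<?php
// Added example (not ProdigyView's code): a unique salt per user that
// the server generates and stores next to the hash, instead of the
// user-typed PIN from the slide. The "salt$hash" record format and the
// $users array standing in for the database are this example's own.

const SALT_BYTES = 16;

/** Create the value to store for a new user: hex salt, "$", hex hash. */
function makePasswordRecord(string $password): string
{
    $salt = bin2hex(random_bytes(SALT_BYTES));   // fresh random salt per user
    $hash = hash('sha256', $salt . $password);
    return $salt . '$' . $hash;
}

/** Check a login attempt against a stored record. */
function verifyPassword(string $password, string $record): bool
{
    [$salt, $storedHash] = explode('$', $record, 2);
    $candidate = hash('sha256', $salt . $password);
    // Constant-time comparison so the check does not leak how many
    // leading characters of the hash matched.
    return hash_equals($storedHash, $candidate);
}

// Registration: two users pick the same password, but the stored
// records differ because each one got its own salt.
$users = [
    'alice@example.com' => makePasswordRecord('letmein'),
    'bob@example.com'   => makePasswordRecord('letmein'),
];
foreach ($users as $email => $record) {
    echo $email, ': ', $record, PHP_EOL;
}
echo 'records identical? ',
     var_export($users['alice@example.com'] === $users['bob@example.com'], true), PHP_EOL;

// Login: only the right password against the right record verifies.
echo 'alice/letmein : ',
     var_export(verifyPassword('letmein', $users['alice@example.com']), true), PHP_EOL;
echo 'alice/letmeout: ',
     var_export(verifyPassword('letmeout', $users['alice@example.com']), true), PHP_EOL;
```

Because the salt is random and stored with the hash, nothing extra is asked of the user and no second login field is needed. A single sha256 is still fast, so this defeats precomputed lists but not a brute-force run against one account; the slow, purpose-built password hashes on the next slide address that.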
PHP Crypt

PHP has a function designed for securing a user's password. It uses
the standard Unix DES algorithm by default but can be configured to
use others: crypt() picks the algorithm from the format of the salt
you pass as its second argument, for example a two-character salt
selects DES and a "$2y$" prefix selects bcrypt. Standard DES crypt
only looks at the first 8 characters of the password and uses a
12-bit salt, so prefer bcrypt, or on PHP 5.5 and later the
password_hash() and password_verify() wrappers, which generate the
salt for you.
         http://php.net/manual/en/function.crypt.php
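crypt() with the algorithm selected by the salt, as an added example (not ProdigyView's code). The DES call is there only to show the 8-character truncation; the bcrypt path is the one to use. The helper names are this example's own.

```php
<?php
// Added example (not ProdigyView's code): crypt() with the algorithm
// chosen by the salt format. The DES call shows the 8-character
// truncation; the bcrypt path is the one to use. Helper names are
// this example's own.

/** DES crypt: a two-character salt selects the traditional algorithm. */
function desCrypt(string $password): string
{
    return crypt($password, 'ab');   // fixed salt only for the demonstration
}

/** Bcrypt salt: "$2y$" + two-digit cost + "$" + 22 chars from [./A-Za-z0-9]. */
function makeBcryptSalt(int $cost = 10): string
{
    $chars = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

/** Hash a new password with bcrypt; the salt is embedded in the result. */
function hashWithCrypt(string $password): string
{
    return crypt($password, makeBcryptSalt());
}

/**
 * Verify: crypt() accepts the stored hash as the salt, reusing its
 * algorithm, cost and salt bytes, so the output must match exactly.
 */
function verifyWithCrypt(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// DES crypt ignores everything after the 8th character.
echo 'DES "password"   : ', desCrypt('password'), PHP_EOL;
echo 'DES "password123": ', desCrypt('password123'), PHP_EOL;
echo 'DES hashes equal?  ',
     var_export(desCrypt('password') === desCrypt('password123'), true), PHP_EOL;

// Bcrypt: whole password used, salt random per call, cost makes it slow.
$stored = hashWithCrypt('correct horse battery staple');
echo 'bcrypt record      : ', $stored, PHP_EOL;
echo 'verify right pw    : ',
     var_export(verifyWithCrypt('correct horse battery staple', $stored), true), PHP_EOL;
echo 'verify wrong pw    : ',
     var_export(verifyWithCrypt('correct horse battery staples', $stored), true), PHP_EOL;

// PHP 5.5+ wraps the same thing: password_hash() generates the salt itself.
$record = password_hash('correct horse battery staple', PASSWORD_BCRYPT);
echo 'password_verify    : ',
     var_export(password_verify('correct horse battery staple', $record), true), PHP_EOL;
```

The two DES outputs are identical because DES crypt never reads past the eighth character, which is why the slide's default is not acceptable for real passwords. Raise the bcrypt cost until a single hash takes a noticeable fraction of a second on your server; that cost is stored in the record, so old records keep verifying after you raise it for new ones.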
More Tutorials

For more tutorials, please visit:

http://www.prodigyview.com/tutorials
