Secure way of Storing User Credentials
An Introduction to Hashing and Salting

Why do I need a password anyway?

Why do I need a password anyway? (Personal Computers)
If someone else gains access to your account, they may cause you a great deal of trouble:
● Deleting your files
● Using it to hack other systems
● Forging e-mail purporting to come from you

Why do I need a password anyway? (Web Scenario)
● Identifying users
● Authenticating users for specific areas
● Securing user-specific data from other users

Password on the web - The Problem
● If you have something that is accessible on the web, it can be retrieved.

Let's try to hack a site for passwords
● SQL Injection Demo

What should be done?
● Store passwords in such a way that even if someone somehow gets hold of the password hashes, they cannot extract the passwords from them.

Storing Passwords as Plain Text
● There is no security at all.
● Anyone who has access to the database can easily learn the passwords of all the users.
● Even a small part of the application that is prone to SQL injection can reveal the passwords of all the users.

Storing Encrypted Passwords
● The good: this approach is better than storing the passwords in plain text.
● The bad: if someone knows the encryption algorithm and the secret key that was used for encryption, they can decrypt the passwords easily.

What is Hashing
● Hashing is the process of generating a number or a unique string for a larger string message.
● The hash for every string message should be unique, and there is no way the original message can be reproduced from its hash value.

Storing Password Hashes – The Good
● So the even better approach is to store the password hashes in the table.
● This way there is no way to regenerate the password from the hash.
● Whenever the user tries to log in, we generate the hash for the entered password using the same hashing algorithm and compare it with the hash stored in the database to check whether the password is correct.

Storing Password Hashes – The Bad
The problem here is that user1 and user4 chose the same password, and thus their generated password hashes are also the same.

Could we not devise a technique that gives us all the benefits of hashing and also removes the limitations associated with it?

Salting and Hashing of Passwords
● Salting is a technique in which we add a random string to the user-entered password and then hash the resulting string.
● Even if two people have chosen the same password, the salt for them will be different.

Let's visualize it
Even though user1 and user4 have chosen the same password, their salt values are different, and thus the resultant hash values are also different.

User Creation Process
1. User enters a password.
2. A random salt value is generated for the user.
3. The salt value is added to the password and a final string is generated.
4. The hash for the final string is calculated.
5. The hash and the salt are stored in the database for this user.

User tries to log in
1. User enters his user id.
2. The user id is used to retrieve the user's password hash and salt stored in the database.
3. The user enters his password.
4. The retrieved salt is added to this password and a final string is generated.
5. The hash for the final string is calculated.
6. This calculated hash is compared with the hash value retrieved from the database.
7. If it matches, the password is correct; otherwise it is not.
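The "Storing Password Hashes – The Bad" slide, the salting slide and the two procedures above are shown together in this added Python example, which is not code from the deck or its references. It assumes PBKDF2-HMAC-SHA256 as the hashing algorithm (the slides name none) and a constant-time comparison in login step 6, both my choices; the in-memory `users` dict stands in for the database table.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# One database row per user as the slides describe it: (salt, hash).
UserRecord = Tuple[bytes, bytes]

PBKDF2_ROUNDS = 200_000   # assumption: iteration count for the slow hash
SALT_BYTES = 16           # assumption: size of the random per-user salt


def unsalted_hash(password: str) -> bytes:
    """Slides 11-12: a plain hash of the password with no salt.
    Two users who pick the same password get the identical hash."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Slides 14-17: combine the per-user salt with the password and hash.
    Assumption: PBKDF2-HMAC-SHA256 is the hashing algorithm; it takes the
    salt as a separate input and is deliberately slow to compute."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )


def create_user(users: Dict[str, UserRecord], user_id: str,
                password: str) -> UserRecord:
    """User Creation Process (slide 16), steps 1-5."""
    salt = os.urandom(SALT_BYTES)          # step 2: random salt for this user
    digest = salted_hash(password, salt)   # steps 3-4: combine and hash
    users[user_id] = (salt, digest)        # step 5: store hash and salt
    return users[user_id]


def login(users: Dict[str, UserRecord], user_id: str, password: str) -> bool:
    """User tries to log in (slide 17), steps 1-7."""
    record: Optional[UserRecord] = users.get(user_id)   # step 2
    if record is None:
        # Unknown id: do the same hashing work anyway so response time does
        # not reveal which user ids exist (my addition, not on the slides).
        salted_hash(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = record
    candidate = salted_hash(password, salt)             # steps 4-5
    # Step 6-7: compare without short-circuiting on the first differing byte.
    return hmac.compare_digest(candidate, stored)


def same_password_demo(password: str) -> Dict[str, bool]:
    """Reproduce the user1/user4 situation from slides 12 and 15 and report
    whether the stored hashes collide with and without a salt."""
    users: Dict[str, UserRecord] = {}
    s1, h1 = create_user(users, "user1", password)
    s4, h4 = create_user(users, "user4", password)
    return {
        "unsalted_hashes_equal": unsalted_hash(password) == unsalted_hash(password),
        "salts_equal": s1 == s4,
        "salted_hashes_equal": h1 == h4,
        "user1_login_ok": login(users, "user1", password),
        "user4_login_ok": login(users, "user4", password),
    }


if __name__ == "__main__":
    # "Password1" is a constructed sample value, not a recommendation.
    for key, value in same_password_demo("Password1").items():
        print(f"{key}: {value}")
```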
References
● http://www.codeproject.com/Articles/608860/A-Beginners-Tutor
● Self-Paced Training Kit (MCTS 70-516) – Chapter 8, Lesson 3.
