With the rise in cybersecurity threats, having a strong, secure password has become more critical than ever. In fact, did you know that the key reason behind in 2019 was password compromise? 80% of data breaches Even though “password-protected” electronic devices and accounts are considered safe, studies show that your personal and other highly confidential data are more susceptible to hacker attacks. This often happens when the users choose to use passwords that are relatable and easy to remember. Also, tend to reuse passwords across multiple sites . 65% of users No matter how evolved your password generation technology is, the hackers are also getting smarter. This paves the way for better authentication mechanisms, like password hashing. What is Password Hashing and How It Works? Password hashing can reduce the number of unauthorized access to your database by creating original passwords which are not leaked or available to the hackers. It basically means carrying out a non-reversible transformation of the plain password into a fixed-length alphanumeric string called hashed password. For example, hash( ) = cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 "hello" 2 hash( ) = c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366 "hbllo" 58756879 hash( ) = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542 "waltz" This can be done using hashing algorithms. These hashed passwords are stored in the authentication database. Whenever you log in, the entered password is hashed using the same algorithm and matched with the stored hash. If it matches, then you will be able to access the data. Even though does solve one of the most common issues related to password security, it is not completely secure. Since we are using the same hash algorithm, one input will always produce the same output. This means if the hackers can crack the password of one account, they can access all other accounts bearing the same password, making your electronic devices and accounts vulnerable to a data breach. password hashing The hashed passwords can be cracked with: Dictionary Attacks Cyber attackers use files containing common words, phrases, passwords that are most likely to be used as a password. And each word in the file is hashed and matched with the password hash to access the account. Brute Force Attacks Here, the attackers try out every possible combination of the password characters, up to a particular length. It is basically a trial-and-error to guess method. Lookup Tables In this method, the password hashes are pre-computed with a password dictionary. This will be stored along with their password in a lookup table data structure, using which you can carry out hundreds of hash lookups per second. Reverse Lookup Tables At first, the attackers will build a lookup table with the password hash of user accounts. Then another table containing hashes with guessed passwords is also created. Then these two are compared to guess the original password. Rainbow Tables It is similar to the look-up table technique, but in this case, the lookup table is smaller, allowing faster password search. This means that the security of the hashed passwords should be improved. And this can be done with salted password hashing. What is a Password Salt? Password Salt is the method of adding a random string to your password before passing it through a hash function.  This string can be either appended or prepended. This will help in producing a unique hash value even for the same password. For example, hash( ) = cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 "hello" 2 hash( + ) = c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1 "hello" "QxLUF1bgIAdeQX" 9e209040 hash( + ) = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226ab "hello" "bv5PehSMfV11Cd" This means that the attackers won’t be able to guess the salt or random string, and the various hash hacking methods like lookup tables, reverse lookup tables, and rainbow tables will not work this time. The problem with the password salt is that the protection offered by it is limited. For example, suppose the hacker is hacking with a credential stuffing attack, which is the same as a brute force attack where the attacker will try out every possible combination of the password characters. In that case, the legitimate server will be carrying out salting and hashing. Thus, even the salting of passwords cannot help you from the inevitable data breach. Also, if two users in an organization opt for the same password, there will be identical hashes. This means that if the hacker gains access to the hash database, they will be able to determine which users have identical passwords. And they will be able to hack into both the user accounts by cracking one. The same can happen if all the user accounts in an organization use a single-use single salt. Therefore, while implementing password salt, make sure that you are using an entirely different random salt for each user account. Another method similar to salting passwords is adding some pepper to them. Here, a secret key is added to the password before it is hashed. Conclusion In this digital era, where data has become so valuable, it is important to adopt technologies that can prevent critical data from falling into the wrong hands. And is one of the most effective ways to make your passwords more safe and secure. password salt

Different

Adding a Little Salt to Passwords Can Improve Security

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Authentication Vs. Authorization [Infographic]

How Hackers Bypass Multifactor Authentication

How I Hacked and Stole the Data of the CEO, CTO and Other Staff at a Company

10 Reasons to Get Your Cybersecurity Certification

3 Big Companies That Majorly Compromised Their Customers’ Security in 2018

2 Million Fitbit Accounts Were Exposed by Cybercriminals

Authentication Vs. Authorization [Infographic]

How Hackers Bypass Multifactor Authentication

How I Hacked and Stole the Data of the CEO, CTO and Other Staff at a Company

10 Reasons to Get Your Cybersecurity Certification

3 Big Companies That Majorly Compromised Their Customers’ Security in 2018

2 Million Fitbit Accounts Were Exposed by Cybercriminals

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps