Wednesday, 20 February 2013

What is adding "salt" to a password/hash?

-As you know, a website needs to authenticate its users, usually with a password.
-The most obvious solution is to store the raw password in a file and compare it to the password the user enters.
-But this has the problem that any breach of the password file reveals the users' real passwords.
-Those passwords can then be used to break into the users' accounts at other sites, which raises the severity of the problem from a local issue to a much more serious one.

-To solve this problem we can "hash" the password, using a one-way function that converts the plaintext password into a new value.
-It is then possible to compare the hash of the user's input to the stored hash, but it is hard to take a particular hash and figure out which password was used to generate it.

"Salting" is the security practice of adding random data (a "salt") to a password before hashing it and storing the hashed value.
The salt itself is stored in plaintext alongside the hash.

-It is common to use assumed one-way functions (normally hash functions) to store passwords,
because you never need to recover the original password; you only need to verify that a candidate password is correct.

But hashes are deterministic, which presents a problem with unsalted password strings.
In the simplest case, if two people chose the same password, then I can tell that their passwords are the same.
More importantly, if someone is trying to crack a large number of unsalted password hashes, every candidate they try is checked against all of the hashes at once, so any result could hit any of the passwords.

So, by salting, a successful attack applies to only one password at a time,
and it is difficult to tell whether two passwords (with unique salts) are identical.
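The scheme described above, as an added example that is not part of the original post: each password gets its own random salt, the salt is stored in plaintext next to the hash, and verification re-derives the hash from the stored salt. The record format and the PBKDF2 iteration count are my own assumptions, not something the post specifies.

```python
import hashlib
import hmac
import secrets

# Parameters chosen for this example (assumptions, not from the post).
ALGO = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a storable record: algo$iterations$salt_hex$digest_hex.

    A fresh random salt is generated per password unless one is supplied
    (supplying one is only useful for tests and demonstrations)."""
    if not salt:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-derive the hash using the plaintext salt stored in the record and compare."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    salt = bytes.fromhex(salt_hex)
    candidate_digest = hashlib.pbkdf2_hmac(algo, candidate.encode("utf-8"), salt, int(iterations))
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate_digest, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """Plain deterministic SHA-256: the unsalted scheme the post warns about."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def same_digest(record_a: str, record_b: str) -> bool:
    """True if two stored records contain the same hash value."""
    return record_a.split("$")[-1] == record_b.split("$")[-1]


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    pw = "correct horse battery staple"
    rec_alice, rec_bob = hash_password(pw), hash_password(pw)
    print("unsalted hashes equal:", unsalted_hash(pw) == unsalted_hash(pw))  # True: both crack at once
    print("salted hashes equal:  ", same_digest(rec_alice, rec_bob))          # False: attacked one at a time
    print("correct login:        ", verify_password(pw, rec_alice))           # True
    print("wrong login:          ", verify_password("wrong", rec_alice))      # False
```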