Password Hashing

Vít Koma 

Why Hashing

Problem:
What if an attacker steals a database with stored user accounts?

Solution:
Store passwords transformed with a one-way function.

Hash Functions

  • Map input to a fixed-length result
  • One-way functions
  • Collision resistant
  • Small change in input leads to a completely different result
  • Standardized: SHA-256, SHA-512, Whirlpool
    • Do not try to invent your own algorithm
    • Do not code your own implementation of a standard algorithm

Why Salting

Problem:
Efficient attacks on hashes exist
  • Lookup tables
  • Reverse lookup tables
  • Rainbow tables

Solution:
Randomize the hash with a salt.

Salt
= a string concatenated with the password before hashing
  • unique for every user
  • not too short
  • random
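The salting scheme above, as an added example that is not part of the slides: a per-user random salt is concatenated with the password before SHA-256, and a precomputed lookup table built from a constructed wordlist finds the unsalted hash but not the salted one. The wordlist, user passwords and helper names are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Added example, not from the slides: salted SHA-256 password storage.
# Note: real systems should use a slow, dedicated password hash
# (PBKDF2, bcrypt, scrypt or Argon2) rather than a single SHA-256 pass.

SALT_BYTES = 16  # 128-bit random salt: unique per user, not too short

def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, never random.random()
    # salt concatenated with the password before hashing
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest

def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the user's stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

def unsalted_hash(password: str) -> bytes:
    """The weak scheme the slides warn about: hash(password) with no salt."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def build_lookup_table(wordlist: list[str]) -> dict[bytes, str]:
    """Precomputed hash -> password table, the attack a salt is meant to defeat."""
    return {unsalted_hash(w): w for w in wordlist}

def salting_defeats_lookup(password: str, wordlist: list[str]) -> tuple[bool, bool]:
    """Return (unsalted_found, salted_found) for one stored hash of `password`."""
    table = build_lookup_table(wordlist)
    unsalted_found = unsalted_hash(password) in table
    _, salted_digest = hash_password(password)  # random salt: not in the table
    salted_found = salted_digest in table
    return unsalted_found, salted_found

if __name__ == "__main__":
    # constructed sample data
    common = ["123456", "password", "qwerty", "letmein"]
    salt, digest = hash_password("letmein")
    print(verify_password("letmein", salt, digest))   # True
    print(salting_defeats_lookup("letmein", common))  # (True, False)
```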

    Resources
