Finally, salting means that it is impossible to determine whether two users have the same password without cracking the hashes, as the different salts will result in different hashes even if the passwords are the same. Salting also protects against an attacker pre-computing hashes using rainbow tables or database-based lookups. This makes cracking large numbers of hashes significantly harder, as the time required grows in direct proportion to the number of hashes. As the salt is unique for every user, an attacker has to crack hashes one at a time using the respective salt rather than calculating a hash once and comparing it against every stored hash. Password Storage Concepts ¶ Salting ¶Ī salt is a unique, randomly generated string that is added to each password as part of the hashing process. It is your responsibility as an application owner to select a modern hashing algorithm. Strong passwords stored with modern hashing algorithms and using hashing best practices should be effectively impossible for an attacker to crack. While the number of permutations can be enormous, with high speed hardware (such as GPUs) and cloud services with many servers for rent, the cost to an attacker is relatively small to do successful password cracking especially when best practices for hashing are not followed.
0 Comments
Leave a Reply. |