wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Hash password! Is it really secured?

profile
Uzma Behlim
Aug 13, 2022
3 Likes
0 Discussions
158 Reads

In our daily lives we tend to enter passwords over multiple places including our bank accounts, mobile Lock Screen, website or application login and many more places.

Have you ever wondered, how the passwords are stored or how they travel through the network?

If all information were plaintext and had no encryption or cryptography surrounding it, sensitive materials like password information, health records, and even bank account information could be stolen and sold to the highest bidder. One of the first steps of basic security hygiene is to not store sensitive data in plaintext—especially passwords. This is where password hashing comes in.

Password hashing is used to verify the integrity of your password, sent during login, against the stored hash so that your actual password never has to be stored. Not all cryptographic algorithms are suitable for the modern industry.

If the passwords are hashed then how are accounts compromised?

There are many ways to hack into an account. Password cracking is one of them – involves using various computational and other methods to break through the password authentication step.

Even the passwords can be cracked by using different methods. Password cracking means recovering passwords from a computer or from data that a computer transmits. This doesn’t have to be a sophisticated method. A brute-force attack where all possible combinations are checked is also password cracking.

Rainbow Tables

Rainbow tables are tables of reversed hashes used to crack password hashes. Computer systems requiring passwords typically store the passwords as a hash value of the user's password. When a computer user enters a password, the system hashes the password and compares it to the stored hash.

It is a table of commonly used password and their hash combinations to match with the plain text and guess the password. These are easily available on google and are downloadable in csv form

Now, here, there is something to be noted! The passwords cracked using the methods given above are for unsalted hashed password.

Yeah! There exists a concept called salting, which makes it impossible to use lookup tables and rainbow tables to crack a hash.

Lookup tables and rainbow tables only work because each password is hashed the exact same way. If two users have the same password, they'll have the same password hashes. We can prevent these attacks by randomizing each hash, so that when the same password is hashed twice, the hashes are not the same.

We can randomize the hashes by appending or prepending a random string, called a salt, to the password before hashing. As shown in the example above, this makes the same password hash into a completely different string every time. To check if a password is correct, we need the salt, so it is usually stored in the user account database along with the hash, or as part of the hash string itself.

The salt does not need to be secret. Just by randomizing the hashes, lookup tables, reverse lookup tables, and rainbow tables become ineffective. An attacker won't know in advance what the salt will be, so they can't pre-compute a lookup table or rainbow table. If each user's password is hashed with a different salt, the reverse lookup table attack won't work either.

 


Comments ()


Sign in

Read Next

Virtual Memory

Blog banner

Video games

Blog banner

Cyber Bullying - Neeta Vonkamuti

Blog banner

How covid-19 impacted Social media ad spend forecast globally

Blog banner

What is Influencer Marketing and its Trends

Blog banner

Dangers of Using Public WiFis

Blog banner

Memory management and virtual memory

Blog banner

12 Principles of Animation

Blog banner

ROLE OF THE COMPUTER FORENSICS TOOLS AND TECHNIQUES

Blog banner

Mumbai Metro 3

Blog banner

Concurrency and memory

Blog banner

Data Science in Healthcare: Predicting Diseases

Blog banner

MAJOR ACHIEVEMENTS OF OS

Blog banner

Deadlocks in Operating System

Blog banner

Current Trends in GIS and Remote Sensing(Ocean Applications)

Blog banner

Every body is beautiful

Blog banner

Memory Management in Operating System

Blog banner

The Dark Web: A Breeding Ground for Cybercriminals – How to Guard Against Threats

Blog banner

Importance Of Education.

Blog banner

MEMORY FORENSIC ACQUISITION AND ANALYSISOF MEMORY AND ITS TOOLS COMPARISON

Blog banner

IT security management

Blog banner

How Does SSO Works

Blog banner

Types of Hackers

Blog banner

Data carving - using hex editor

Blog banner

BUFFER OVERFLOW_142

Blog banner

What is the point of living if we can die at any moment of our lives ?

Blog banner

ADD A SPICE TO YOUR LIFE.

Blog banner

An Overivew Of Cache Memory

Blog banner

CSI and Organizational Change

Blog banner

virtual machines and virtualization

Blog banner

Technical SEO : Total Guide

Blog banner

Explain Multiprocessors

Blog banner

Deadlock in operating system

Blog banner

Time Series Analysis

Blog banner

Blockchain technology: security risk and prevention

Blog banner

The Role of Cyber Forensics in Criminology

Blog banner

Starvation and Deadlock.

Blog banner

Blog on Smartsheet.

Blog banner

E-BUSINESS RISK MANAGEMENT

Blog banner

Mumbai local ......

Blog banner

History of Money

Blog banner

In the world of Technology...

Blog banner