Why is password security so complex_ _ gulfnews. com

.

Whether it is Yahoo, MySpace or TalkTalk, personal information has been stolen by hackers from around the world. Binary list But with each hack there’s the big question of how well the site protected its users’ data. Us stock market futures bloomberg Was it open and freely available, or was it hashed, secured and practically unbreakable? From cleartext to hashed, salted, peppered and bcrypted, here’s what the impenetrable jargon of password security really means.

n Plaintext: When something is described being stored as “cleartext” or as “plain text” it means that thing is in the open as simple text — with no security beyond a simple access control to the database, which contains it. Fraction to decimal conversion chart If you have access to the database containing the passwords you can read them just as you can read the text on this page.


n Hashing: when a password has been “hashed”, means it has been turned into a scrambled representation of itself. Usd to jpy A user’s password is taken and — using a key known to the site — the hash value is derived from the combination of both the password and the key, using a set algorithm. 10101 binary To verify a user’s password is correct it is hashed and the value compared with that stored on record each time they login. Gold chart 2016 You cannot directly turn a hashed value into the password, but you can work out what the password is if you continually generate hashes from passwords until you find one that matches, a so-called brute-force attack, or similar methods.

n Salting: Passwords are often described as “hashed and salted”. Usd to yen conversion Salting is simply the addition of a unique, random string of characters known only to the site to each password before it is hashed, typically this “salt” is placed in front of each password. Stock market futures definition The salt value needs to be stored by the site, which means sometimes sites use the same salt for every password. Binary pdf This makes it less effective than if individual salts are used. Commodity definitions The use of unique salts means that common passwords shared by multiple users — such as “123456” or “password” — aren’t immediately revealed when one such hashed password is identified — because despite the passwords being the same, the salted and hashed values are not. Fx rate cad usd Large salts also protect against certain methods of attack on hashes, including rainbow tables or logs of hashed passwords previously broken. Euro to aud chart Both hashing and salting can be repeated more than once to increase the difficulty in breaking the security.

n Peppering Cryptographers: A “pepper” is similar to a salt — a value added to the password before being hashed — but typically placed at the end of the password. Us to rmb exchange rate There are broadly two versions of pepper. Rmb conversion to usd The first is simply a known secret value added to each password, which is only beneficial if it is not known by the attacker. Dollar rupee exchange rate today The second is a value that’s randomly generated but never stored. Yen to usd That means every time a user attempts to log into the site it has to try multiple combinations of the pepper and hashing algorithm to find the right pepper value and match the hash value. Us stock market today Even with a small range in the unknown pepper value, trying all the values can take minutes per login attempt, so is rarely used.

n Encryption: Encryption, like hashing, is a function of cryptography, but the main difference is that encryption is something you can undo, while hashing is not. Funny quotes about love and life If you need to access the source text to change it or read it, encryption allows you to secure it but still read it after decrypting it. Exchange rate pound to us dollar Hashing cannot be reversed, which means you can only know what the hash represents by matching it with another hash of what you think is the same information. Ft future of marketing summit 2016 If a site such as a bank asks you to verify particular characters of your password, rather than enter the whole thing, it is encrypting your password as it must decrypt it and verify individual characters rather than simply match the whole password to a stored hash.

n Hexadecimal: A hexadecimal number, also simply known as “hex” or “base 16”, is way of representing values of zero to 15 as using 16 separate symbols. Usd to inr conversion rate The numbers 0-9 represent values zero to nine, with a, b, c, d, e and f representing 10-15. Convert nzd to usd They are widely used in computing as a human-friendly way of representing binary numbers. Usd to pound conversion Each hexadecimal digit represents four bits or half a byte.

The algorithms MD5 Originally designed as a cryptographic hashing algorithm, first published in 1992, MD5 has been shown to have extensive weaknesses, which make it relatively easy to break. Python tutorial download Its 128-bit hash values, which are quite easy to produce, are more commonly used for file verification to make sure that a downloaded file has not been tampered with. Silver chart price It should not be used to secure passwords.

n Secure Hash Algorithm 1 (SHA-1): This is cryptographic hashing algorithm originally designed by the US National Security Agency in 1993 and published in 1995. Australian dollar trend 2016 It generates 160-bit hash value that is typically rendered as a 40-digit hexadecimal number. Stock market futures bloomberg As computational power has increased the number of brute-force guesses a hacker can make for an efficient hashing algorithm has increased exponentially. Malaysian ringgit to usd history Bcrypt, which is based on the Blowfish cipher and includes a salt, is designed to protect against brute-force attacks by intentionally being slower to operate. Convert aed to usd It has a so-called work factor that effectively puts your password through a definable number of rounds of extension before being hashed. Aud to usd graph By increasing the work factor it takes longer to brute-force the password and match the hash.

The theory is that the site owner sets a sufficiently high-enough work factor to reduce the number of guesses today’s computers can make at the password and extend the time from days or weeks to months or years, making it prohibitively time consuming and expensive.

n Password-Based Key Derivation Function 2 (PBKDF2): Developed by RSA Laboratories, this is another algorithm for key extension that makes hashes more difficult to brute force.

n Scrypt: Scrypt like Bcrypt and PBKDF2 is an algorithm that extends keys and makes it harder to brute-force attack a hash. World stock market futures bloomberg Unlike PBKDF2, however, scrypt is designed to use either a large amount of computer memory or force many more calculations as it runs.

For legitimate users having to only hash one password to check if it matches a stored value, the cost is negligible. Binary code to english But for someone attempting to try 100,000s of passwords it makes cost of doing so much higher or take prohibitively long. Euro football scores But what about the passwords? The longer the password, the longer the brute-force attack is going to last. Stock market futures 2014 And the longer the brute-force attack required, the more time-consuming and expensive it is to match the hash and discover the password. Financial futures market Which means, the longer the password the better, but the configuration of the password also makes a difference. Call option definition A truly random eight-character password will be more secure than an eight-letter dictionary word, because brute-force attacks use dictionaries, names and other lists of words as fodder.


banner