Password Protection

Introduction

  • The password itself is never stored in the database

  • The password is hashed together with a salt using a one-way function, and only the resulting hash is stored in the database

  • The stored hash is used to check a login attempt: the entered password is hashed the same way and compared with the stored value to see whether it matches

Salt

  • A salt is a unique, randomly generated string that is added to each password as part of the hashing process

  • Because every password gets its own salt, each stored hash is unique, which defends against the attacks described below

Hacker Attack

Dictionary attack

  • A dictionary attack is a brute-force method that tries to guess a password by using a list of common or likely words, phrases, or combinations.

  • For example, if you want to crack the password of a user named Alice, you might try words like alice, alice123, alice1984, or alice!@#. The dictionary attack can also use variations of these words, such as changing the case, adding numbers or symbols, or using leet speak.

  • Simple and fast if the dictionary is small

Rainbow table attack

  • A rainbow table is a precomputed table that stores the hashes and the corresponding plaintexts of a large set of possible passwords

  • It requires a large amount of storage space

  • The attacker does a reverse lookup: if the stored hash appears in the table, the corresponding plaintext is read off directly

  • It becomes more effective as the table covers a larger set of passwords
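The following Python script is an added example (not code from the original notes) that ties the two halves of the page together: it hashes a password with a fresh random salt and a slow key-derivation function, verifies a login attempt against the stored record in constant time, and then shows why a precomputed table of unsalted hashes reverses a bare SHA-256 hash but cannot be reused against a salted record. The word list, the record format "pbkdf2_sha256$iterations$salt$hash", and the iteration count are constructed for the example; the only library calls are from the standard library (hashlib, hmac, os).

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Work factor for PBKDF2-HMAC-SHA256 (constructed value for the example).
# A deliberately slow KDF makes every guess in a dictionary attack cost far
# more than a single SHA-256 call.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record "pbkdf2_sha256$iterations$salt_hex$hash_hex".

    A fresh random salt is drawn for every call, so two users (or the same
    user twice) with the same password never produce the same stored value.
    The salt is stored in clear alongside the hash; it is not a secret.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest does not stop at the first differing byte, so the
    # comparison time does not reveal how much of the hash matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed word list standing in for the "dictionary" in the notes.
COMMON_WORDS = ["alice", "alice123", "alice1984", "password", "letmein"]


def unsalted_sha256(word: str) -> str:
    """What an unsalted scheme would store: a bare SHA-256 of the password."""
    return hashlib.sha256(word.encode("utf-8")).hexdigest()


def precomputed_unsalted_table(words: Iterable[str]) -> Dict[str, str]:
    """Map unsalted SHA-256 hex -> word, the lookup a rainbow table provides."""
    return {unsalted_sha256(w): w for w in words}


def lookup_unsalted(stored_sha256_hex: str, table: Dict[str, str]) -> Optional[str]:
    """Reverse lookup of an unsalted hash; succeeds whenever the word was precomputed."""
    return table.get(stored_sha256_hex)


def lookup_salted_record(stored: str, table: Dict[str, str]) -> Optional[str]:
    """Try to reverse a salted PBKDF2 record with the same unsalted table.

    The stored digest was computed over salt + password with many iterations,
    so it never appears in a table built from bare words. The attacker would
    have to redo the full computation per salt, which is what the salt is for.
    """
    digest_hex = stored.split("$")[3]
    return table.get(digest_hex)


if __name__ == "__main__":
    record = hash_password("alice123")
    print("stored record:", record)
    print("correct password verifies:", verify_password("alice123", record))
    print("wrong password rejected:", not verify_password("alice124", record))
    print("same password, different salt gives a different record:",
          hash_password("alice123") != record)

    table = precomputed_unsalted_table(COMMON_WORDS)
    print("unsalted hash reversed to:", lookup_unsalted(unsalted_sha256("alice123"), table))
    print("salted record reversed to:", lookup_salted_record(record, table))
```

Two details worth noting when adapting this: the record stores the iteration count, so the work factor can be raised later and old records re-hashed at the user's next successful login; and because the salt is unique per record, a table built for one user's salt gives the attacker nothing against any other user, so the precomputation cost of a rainbow table cannot be amortised across accounts.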
