Are You Adding Salt and Pepper to Your Security Recipe?

Add Salt and Pepper to Avoid a Security Breach

In my earlier days I always had a doubt about how passwords are stored. When I studied Linux, I found that passwords are stored in /etc/shadow in hashed form. What would happen if someone took a copy of this file and tried to recover the passwords? I asked my instructor this question, but he told me that hashed passwords can't be recovered and that only the root user can access this file. I was aware of brute-force and dictionary attacks at the time, and using those methods we wouldn't be able to crack a hashed password.

In 2012, I read about the LinkedIn password breach and was surprised to see that hashed passwords were being cracked. How was this possible? My research led me to something known as a rainbow table.


Secure SHA: An Enhanced Hashing Mechanism

In recent times most applications push their users to keep strong passwords through stringent password policies, but these strong passwords are effective if and only if they are stored securely at the back-end. In simpler words, it is of no use having your precious valuables deposited in a bank locker that has no proper security measures to safeguard them. Have we ever wondered whether our passwords are stored securely at the back-end? It is not only the end user's responsibility to use strong passwords, but also the application's responsibility to safeguard those passwords.
Most of us know that the simplest safe way of storing passwords at the back-end is hashing (a one-way cryptographic operation that transforms the clear-text password into a fixed-length digest using a standard hash function such as SHA-1). There are, however, drawbacks to this mechanism: a plain hash is deterministic, so two users with the same password get the same digest, and an attacker who obtains the stored hashes can match them against a precomputed table, such as the rainbow tables mentioned above, without ever running a brute-force attack against the live system.
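The following Python script, added here as an illustration and not part of either post, makes that drawback concrete: unsalted SHA-1 digests are deterministic, so a precomputed hash-to-password table (a crude stand-in for the rainbow tables mentioned in the first post) recovers common passwords straight from the stored hashes. It then shows the fix the page's title refers to, a per-user random salt stored next to the hash plus a server-side secret pepper kept out of the database, which makes the precomputed table useless. The user names, the wordlist, the stored hashes and the pepper value are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from any real breach): a tiny wordlist of
# common passwords and a "leaked" table of unsalted SHA-1 hashes.
COMMON_PASSWORDS = ["123456", "password", "linkedin", "qwerty", "letmein"]


def sha1_unsalted(password: str) -> str:
    """The naive scheme: hash the password alone. Same password -> same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


SAMPLE_STORED_HASHES = {
    "alice": sha1_unsalted("password"),     # in the wordlist -> will be recovered
    "bob":   sha1_unsalted("123456"),       # in the wordlist -> will be recovered
    "carol": sha1_unsalted("Tr0ub4dor&3"),  # not in the wordlist -> survives
}


def build_lookup_table(words):
    """Precompute digest -> password once; reusable against every unsalted database."""
    return {sha1_unsalted(w): w for w in words}


def crack_unsalted(stored_hashes, table):
    """Recover passwords by plain dictionary lookup, no hashing at attack time."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


# Hypothetical server-side secret ("pepper"). In a real deployment it lives in
# configuration or a secrets manager, never in the user database.
PEPPER = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def hash_salted_peppered(password: str, salt: bytes, pepper: bytes = PEPPER) -> bytes:
    """HMAC keyed with the pepper over salt || password.

    The salt is public and stored with the record; the pepper is not, so a
    stolen database alone is not enough to build or use a lookup table.
    """
    return hmac.new(pepper, salt + password.encode("utf-8"), hashlib.sha256).digest()


def new_record(password: str) -> dict:
    """Create the stored record for a user: a fresh random salt and the digest."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": hash_salted_peppered(password, salt).hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(hash_salted_peppered(password, salt), expected)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    print("cracked from unsalted hashes:", crack_unsalted(SAMPLE_STORED_HASHES, table))

    # Two users choosing the same password no longer share a digest.
    r1, r2 = new_record("password"), new_record("password")
    print("salted digests differ:", r1["hash"] != r2["hash"])
    print("login with right password:", verify(r1, "password"))
    print("login with wrong password:", verify(r1, "Password"))


if __name__ == "__main__":
    demo()
```

Note that salt and pepper only defeat precomputation; SHA-1 and SHA-256 are still fast, so a wordlist can be re-hashed per record by an attacker who also steals the pepper. A production system should replace the HMAC above with a deliberately slow password hash (bcrypt, scrypt or Argon2) and keep the pepper outside the database as shown.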

