Password Encryption Essay

1334 Words | Apr 8, 2013 | 6 Pages
Password Encryption, Hashing, Salting Explained

November 10, 2009

Introduction

Renowned Media has had several questions about password security, one-way encryption, password hashes, salting hashes (not a food reference, I swear!), the risks of having a database hacked, and the like. This non-technical article will go into detail about these concepts, and will contain a few examples but will not contain any code. Feel free to apply these concepts with any programming language you please.

Definitions

First, I’m going to explain a few terms and their definitions.

• Hash/Signature/Digest – This is an encrypted representation of data. It is technically impossible to return the original data using this string of characters, but you will see methods around this. Two common algorithms for this are the MD5 and SHA1 algorithms.

• Salting – If you run a string through MD5 (or SHA1), you will get the same result every time, e.g. MD5(“password”) = “5f4dcc3b5aa765d61d8327deb882cf99”. A salt is basically a string that you add to the input string before hashing, e.g. MD5(“password-salted”) = “0f538766ee062336f22a75bd73efddcb”.

• Reversible Encryption – This is when you apply an algorithm to a string and get a different string, which can later be reversed to get the original string back. For these to be secure, they require some sort of key/certificate (think password) to get the original value back. Examples of this would be SSH encryption (uses certificates) or the rot13 algorithm (simply shifts characters 13 positions).

• Collision – Two different input strings having the same digest.

Concepts

Now that you know some of the terms, let’s dig in and start explaining some things. For one thing, ever wonder why on most websites you can’t get a copy of your original password back, but you must “reset” it? Most applications (at least good/secure
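The definitions above, worked through in Python as an added example; this code is not part of the original essay (which deliberately contains no code) and is not Renowned Media's. It reproduces the essay's unsalted MD5("password") figure, builds the salted form the same way (the hyphen joining password and salt is an assumption taken from the essay's "password-salted" example), applies rot13 twice to show what "reversible" means, and then shows the defensive point salting exists for: two users with the same password get identical unsalted digests but different salted ones, and verification re-hashes the candidate with the stored salt instead of ever storing the password. The helper names (`store_password`, `verify_password`, `compare_two_users`) are hypothetical.

```python
import codecs
import hashlib
import secrets


def md5_hex(text: str) -> str:
    """Unsalted MD5 digest, as in the essay's MD5("password") example."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def md5_salted_hex(password: str, salt: str) -> str:
    """Salted digest: hash(password + "-" + salt).

    The hyphen separator is an assumption taken from the essay's
    "password-salted" example; any fixed, unambiguous joining rule works.
    """
    return hashlib.md5(f"{password}-{salt}".encode("utf-8")).hexdigest()


def new_salt(nbytes: int = 16) -> str:
    """Fresh random per-user salt (hypothetical helper, not from the essay).

    A salt is not secret, but it must be unpredictable and unique per user,
    so two users with the same password do not share a digest.
    """
    return secrets.token_hex(nbytes)


def store_password(password: str) -> dict:
    """Return the record a database would keep: salt + salted digest.

    The plaintext password itself is never stored, which is why a site
    can only let you *reset* a password, not send the original back.
    """
    salt = new_salt()
    return {"salt": salt, "digest": md5_salted_hex(password, salt)}


def verify_password(record: dict, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    expected = md5_salted_hex(candidate, record["salt"])
    return secrets.compare_digest(expected, record["digest"])


def rot13(text: str) -> str:
    """The essay's reversible example: applying rot13 twice restores the input."""
    return codecs.encode(text, "rot_13")


def compare_two_users(shared_password: str) -> dict:
    """Show why salting matters when two accounts share a password.

    Unsalted: both accounts end up with the same digest, so a leaked table
    immediately reveals which accounts share a password.
    Salted: each account has its own random salt, so the digests differ.
    """
    unsalted_a = md5_hex(shared_password)
    unsalted_b = md5_hex(shared_password)
    record_a = store_password(shared_password)
    record_b = store_password(shared_password)
    return {
        "unsalted_match": unsalted_a == unsalted_b,
        "salted_match": record_a["digest"] == record_b["digest"],
    }


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    print("MD5('password')        =", md5_hex("password"))
    print("MD5('password-salted') =", md5_salted_hex("password", "salted"))
    print("rot13('hello')         =", rot13("hello"), "-> back:", rot13(rot13("hello")))
    rec = store_password("password")
    print("stored record          =", rec)
    print("verify 'password'      =", verify_password(rec, "password"))
    print("verify 'Password'      =", verify_password(rec, "Password"))
    print("two users, same pw     =", compare_two_users("password"))
```

MD5 is used here only so the numbers line up with the essay's own example; the structure (random per-user salt stored beside the digest, verification by re-hashing, constant-time comparison) is the part to carry over to whatever hash function a deployment actually uses.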
