Encryption Hashing Salting

Encryption

Encryption applies an algorithm and a key to scramble sensitive information so that only someone holding the key can read it. Encrypted information can be decrypted again, so it is two way (reversible). ROT13 is a simple example: it replaces each letter with the one 13 places further along in the alphabet, and applying it a second time restores the original. It uses no key at all, so it is a very weak scheme and only illustrates the idea. The web browser you are reading this in is also using encryption: the server encrypts the data and sends it over a TLS (formerly SSL) connection to your browser, which decrypts it so you can read it.
1. Two way: whoever holds the key (and for ROT13 nobody needs one) can recover the original
2. Weak when the algorithm is weak or the key is stored next to the data it protects
3. Not a good fit for storing passwords: a server that can decrypt its password store can be made to leak every password in it

Hashing

Hashing is one way. Once sensitive information has been hashed there is no key with which to reverse it; recovering the input means guessing candidate inputs until one produces the same hash. Unlike encryption, the output is always of a fixed length that depends only on the algorithm, not on the size of the input. Several algorithms are available, for example MD5, SHA-1 and the SHA-2 family.

Commonly used hashing algorithms include the Message Digest (MDx) algorithms, such as MD5, and the Secure Hash Algorithms (SHA), such as SHA-1 and the SHA-2 family, which includes the widely used SHA-256. MD5 and SHA-1 are considered broken for collision resistance and should not be used in new designs; Google recommends stronger hashing algorithms such as SHA-256 and SHA-3. Note that even SHA-256 is designed to be fast, which works against you when hashing passwords, because an attacker can test billions of guesses per second. For password storage the usual choice is a deliberately slow, salted password hashing function (bcrypt, scrypt, Argon2 or PBKDF2) built on top of such a hash.

In bitcoin, block integrity and block chaining use the SHA-256 algorithm as the underlying cryptographic hash function (each block header is hashed with SHA-256 twice). Let's look at a hashing example using SHA-256.

  1. One way: no key exists to reverse it
  2. Secure: for a modern algorithm it is infeasible to find an input for a given hash, or two inputs with the same hash (MD5 and SHA-1 no longer meet this bar)
  3. Fixed length: 256 bits for SHA-256, whatever the size of the input
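The SHA-256 example the post announces is not on the page, so the following is an added example and not the author's code. It uses only Python's standard library (hashlib) and demonstrates the three properties listed above: fixed digest length across algorithms, the avalanche effect (flipping one input bit changes roughly half of the digest bits, which is what makes guessing from the output hopeless), and a toy block chain in which each block commits to the previous block's hash. The chaining follows bitcoin's idea of applying SHA-256 twice; the block format, payloads and the all-zero "previous hash" of the first block are assumptions made for the illustration, not bitcoin's real header layout.

```python
import hashlib

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of data as 64 hex characters (256 bits), whatever len(data) is."""
    return hashlib.sha256(data).hexdigest()


def hash256_hex(data: bytes) -> str:
    """SHA-256 applied twice, the construction bitcoin uses for block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def digest_lengths(data: bytes) -> dict:
    """Digest length in bits is fixed per algorithm and independent of the input size."""
    return {
        "md5": len(hashlib.md5(data).digest()) * 8,
        "sha1": len(hashlib.sha1(data).digest()) * 8,
        "sha256": len(hashlib.sha256(data).digest()) * 8,
        "sha3_256": len(hashlib.sha3_256(data).digest()) * 8,
    }


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the last byte of msg and report how many of the
    256 digest bits change. For a good hash this is close to 128 (half)."""
    flipped = msg[:-1] + bytes([msg[-1] ^ 0x01])
    return differing_bits(hashlib.sha256(msg).digest(),
                          hashlib.sha256(flipped).digest())


def chain_blocks(payloads: list) -> list:
    """Toy chain: each block's hash covers the previous block's hash plus its
    own payload, so changing any earlier block changes every later hash."""
    prev = GENESIS_PREV
    chain = []
    for payload in payloads:
        block_hash = hash256_hex(prev.encode() + payload)
        chain.append({"prev": prev, "payload": payload, "hash": block_hash})
        prev = block_hash
    return chain


def verify_chain(chain: list) -> bool:
    """Recompute every block hash and check each block points at its predecessor."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev:
            return False
        if hash256_hex(prev.encode() + block["payload"]) != block["hash"]:
            return False
        prev = block["hash"]
    return True


if __name__ == "__main__":
    # Constructed sample payloads, not real transactions.
    chain = chain_blocks([b"alice pays bob 1", b"bob pays carol 2", b"carol pays dave 3"])
    print("digest bits:", digest_lengths(b"hello"))
    print("bits changed by a one-bit flip:", avalanche(b"hello"))
    print("chain valid:", verify_chain(chain))
    chain[1]["payload"] = b"bob pays carol 200"  # tamper with the middle block
    print("chain valid after tampering:", verify_chain(chain))
```

Running the script prints the per-algorithm digest sizes (MD5 128, SHA-1 160, SHA-256 and SHA3-256 256 bits), a one-bit-flip avalanche count near 128, and a chain that verifies before tampering and fails afterwards, because the altered payload no longer reproduces the stored hash and every later block's "prev" link becomes stale.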

Salting

Salting works by adding an extra random value, the salt, to the password before it is hashed (it is prepended or appended), so the hashed input is longer and unique per account. The salt is not a secret: it is generated fresh for every account and stored next to the hash. Salts are needed because people tend to choose the same passwords, and not at all randomly. Many passwords in use are short real words, chosen to be easy to remember, and that makes them easy to attack. A salt makes the password hash output unique even for users who picked a common password. Its purpose is to make pre-computation based attacks useless: if your password is stored with a unique salt, a pre-computed table of hashes (a rainbow table) built for unsalted hashes, or for an account with a different salt, will not help crack your account's password, and an attacker who cracks one account's hash learns nothing about other accounts that chose the same password. A long, randomly generated salt (16 bytes or more) is expected to be globally unique, so salting makes pre-computation attacks totally ineffective. What a salt does not do is slow down a brute force or dictionary attack aimed at one salted hash; that is the job of a slow password hashing function.

  1. Defeats pre-computed (rainbow) tables
  2. Extends the hashed input, so identical passwords produce different hashes
  3. Forces an attacker to crack every account separately instead of all at once
  4. Extra security on top of hashing, not a substitute for a slow password hash
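To see the pre-computation attack and the salt's effect side by side, here is an added example (not the author's code) using only the Python standard library. It builds the attacker's table from a constructed list of common passwords, shows that an unsalted SHA-256 store is cracked by a table lookup while a salted store is not, and implements a salted hash with a per-account 16-byte random salt stored beside the digest. The slow function used is PBKDF2-HMAC-SHA256 from hashlib, chosen because it is in the standard library and builds on the SHA-256 discussed above; the wordlist, user names, passwords and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data: a small wordlist of the kind attackers precompute.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]
# Constructed sample accounts; two users picked the same common password.
USERS = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3"}
ITERATIONS = 100_000  # assumed work factor; tune upward for production


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_rainbow_table(words) -> dict:
    """Attacker side: precompute hash -> password once, reuse against any dump."""
    return {unsalted_hash(w): w for w in words}


def lookup(table: dict, stored_hash: str) -> Optional[str]:
    """Attacker side: crack a stored hash with one dictionary lookup, or None."""
    return table.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> tuple:
    """Defender side: salted, iterated hash. The salt is random, not secret,
    and is returned so the caller stores it next to the digest."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def unsalted_store(users: dict) -> dict:
    """user -> hex SHA-256 (the weak scheme)."""
    return {u: unsalted_hash(p) for u, p in users.items()}


def salted_store(users: dict) -> dict:
    """user -> (salt, digest) (the salted scheme)."""
    return {u: hash_password(p) for u, p in users.items()}


def count_cracked(store: dict, table: dict) -> int:
    """Attacker side: how many entries of a leaked store are in the table?"""
    cracked = 0
    for entry in store.values():
        hex_hash = entry if isinstance(entry, str) else entry[1].hex()
        if lookup(table, hex_hash) is not None:
            cracked += 1
    return cracked


if __name__ == "__main__":
    table = build_rainbow_table(COMMON_PASSWORDS)
    weak = unsalted_store(USERS)
    strong = salted_store(USERS)
    print("alice and bob share a hash (unsalted):", weak["alice"] == weak["bob"])
    print("alice and bob share a hash (salted):  ",
          strong["alice"][1] == strong["bob"][1])
    print("cracked by table, unsalted:", count_cracked(weak, table), "of", len(USERS))
    print("cracked by table, salted:  ", count_cracked(strong, table), "of", len(USERS))
    salt, digest = strong["alice"]
    print("login with right password:", verify_password("password", salt, digest))
    print("login with wrong password:", verify_password("Password", salt, digest))
```

The unsalted store gives alice and bob the same hash and loses both to the table instantly; the salted store gives them different hashes, none of which appear in any precomputed table. The remaining risk, an attacker running the wordlist through PBKDF2 with each account's salt, is bounded only by the iteration count, which is why the salt and the slow function are used together.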
