Password hashing and Dictionary Attacks (Secure Coding Course)


This topic contains 2 replies, has 3 voices, and was last updated by  Apáti László 3 years, 8 months ago.



    In "Module 02 OWASP Top 10 A2 Broken Authentication and Session Management", Part 2 Explanations (07:40), it mentions "Passwords not hashed (Dictionary Attacks)". How does not hashing passwords inside a database assist an attacker in a Dictionary Attack, such as on a login screen of a web application?


    Paul Rouk

    The link below is for an excellent article which discusses how passwords should be handled. They go through a five-step discussion of how to store passwords safely.

    Rule 1 — NEVER store the actual password in plaintext form
    Rule 2 — NEVER store the actual password even if it is encrypted
    Rule 3 — always HASH the password and then store the hash (NOT the actual password)
    Rule 4 — always use a SALT with the hash for extra protection
    Rule 5 — always STRETCH the hash to slow down attempts to brute force guess the password

    I’ll let you read the article for the specific details.

    Serious Security: How to store your users’ passwords safely
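The five rules above as working code, together with the attacker's side of the original question. This is an added example, not code from the thread or from the linked article. It uses PBKDF2-HMAC-SHA256 from Python's standard library (bcrypt or Argon2id would be equally valid choices; PBKDF2 is used here only because it needs no third-party package). Assumptions: the `pbkdf2_sha256$iterations$salt$hash` storage string is an illustrative format; the 600,000-iteration default follows OWASP's Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256 and should be tuned to your hardware; the wordlist and the three leaked user records are constructed for the demonstration, and `demo()` deliberately lowers the iteration count so it runs in well under a second.

```python
"""Rules 1-5 from the post in code, plus a dictionary attack against
(a) unsalted, unstretched SHA-256 and (b) salted, stretched PBKDF2 storage."""
import hashlib
import hmac
import os

# Rule 5 (stretching). 600_000 is OWASP's PBKDF2-HMAC-SHA256 figure at time of
# writing; treat it as a starting point and raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Rules 1-3: never keep the password, only a hash of it.
    Rule 4: a fresh random salt per user, stored alongside the hash.
    Rule 5: iterate the hash so every guess costs the attacker real CPU time."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Illustrative storage format (assumption): algorithm, work factor, salt, hash.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash scheme: {algo}")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# --- The attacker's side: why rules 4 and 5 matter once the table leaks ---

# Constructed wordlist standing in for a real dictionary (rockyou.txt etc.).
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2019!", "hunter2"]


def unsalted_sha256(password: str) -> str:
    """What a 'we do hash, honest' application without salt or stretching stores."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack_unsalted(leaked: dict[str, str]) -> dict[str, str]:
    """Hash the wordlist once, then look every user up in that single table.
    Cost is len(WORDLIST) fast hashes regardless of how many users leaked;
    with plaintext storage (rule 1 broken) even this step is unnecessary."""
    table = {unsalted_sha256(w): w for w in WORDLIST}
    return {user: table[h] for user, h in leaked.items() if h in table}


def dictionary_attack_salted(leaked: dict[str, str]) -> tuple[dict[str, str], int]:
    """No shared table is possible: each user's salt forces the attacker to
    redo the stretched hash per user per guess. Returns (cracked, guesses made)."""
    cracked, work = {}, 0
    for user, stored in leaked.items():
        for candidate in WORDLIST:
            work += 1
            if verify_password(candidate, stored):
                cracked[user] = candidate
                break
    return cracked, work


def demo(iterations: int = 1_000) -> dict:
    """Constructed leak of three accounts; low iteration count for speed only."""
    plaintexts = {
        "alice": "Summer2019!",                    # in the dictionary
        "bob": "password",                         # in the dictionary
        "carol": "correct horse battery staple",   # not in the dictionary
    }
    leaked_unsalted = {u: unsalted_sha256(p) for u, p in plaintexts.items()}
    leaked_salted = {u: hash_password(p, iterations) for u, p in plaintexts.items()}
    cracked_salted, work = dictionary_attack_salted(leaked_salted)
    return {
        "unsalted_cracked": dictionary_attack_unsalted(leaked_unsalted),
        "salted_cracked": cracked_salted,
        "salted_work": work,   # stretched PBKDF2 runs, each `iterations` deep
    }


if __name__ == "__main__":
    print(demo())
```

Two things the output makes concrete. Salting alone does not rescue a password that is in the dictionary: alice and bob fall either way. What salt and stretching change is the cost curve: the unsalted table is built once for all users with six cheap hashes, while the salted attack needs a separate stretched computation for every user and every guess, so the attacker's cost scales with users times wordlist times work factor, and no precomputed (rainbow) table helps. That cost, not secrecy of the algorithm, is the defence against dictionary attacks on a leaked database; against the online login form itself, rate limiting and lockout do the equivalent job.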


    Apáti László

    Sometimes the password hash alone is enough for an attacker to win…
