Password hashing and Dictionary Attacks (Secure Coding Course forum)


This topic contains 2 replies, has 3 voices, and was last updated by  Apáti László 2 years, 9 months ago.

    #76582

    hello_world
    Participant

    In "Module 02 OWASP Top 10 A2 Broken Authentication and Session Management", in Part 2 Explanations (07:40), it mentions "Passwords not hashed (Dictionary Attacks)". How does not hashing passwords inside a database assist an attacker in a Dictionary Attack, such as on the login screen of a web application?

    #76802

    Paul Rouk
    Participant

    The link below is for an excellent article which discusses how passwords should be handled. They go through a five-step discussion of how to store passwords safely.

    Rule 1 — NEVER store the actual password in plaintext form
    Rule 2 — NEVER store the actual password even if it is encrypted
    Rule 3 — always HASH the password and then store the hash (NOT the actual password)
    Rule 4 — always use a SALT with the hash for extra protection
    Rule 5 — always STRETCH the hash to slow down attempts to brute force guess the password

    I’ll let you read the article for the specific details.

    Serious Security: How to store your users’ passwords safely
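The five rules above (hash, never encrypt; salt; stretch) translate directly into a small amount of code. The following is an added example written for this thread, not code from the linked article or from the course: it uses Python's standard-library PBKDF2-HMAC-SHA256 as the stretched hash, a random 16-byte per-user salt, and a constant-time comparison on verification. The iteration count, record format and function names are this example's own choices; a production system would normally use a dedicated library (argon2 or bcrypt) instead of hand-rolled storage. The `stored_values_collide` helper shows the property the original question is really about: with an unsalted hash, every user who picked the same password gets the same stored value, so one precomputed dictionary of hashes serves against the whole table, whereas salted records differ even for identical passwords.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Example parameters (assumed, not from the article). Stretching cost is the
# iteration count: higher is slower for both the server and a guessing attacker.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Rules 3-5: return a self-describing record, never the password itself.

    Record layout (this example's own format): algo$iterations$salt_b64$hash_b64
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # Rule 4: fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)  # Rules 3 and 5: hashed and stretched
    return "$".join([
        ALGO,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and parameters; compare in constant time."""
    try:
        algo, iterations, salt_b64, hash_b64 = record.split("$")
    except ValueError:
        return False  # malformed record, reject rather than crash
    if algo != ALGO:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, expected)


def unsalted_sha256(password: str) -> str:
    """The weak scheme the course warns about: a fast, unsalted hash (for contrast only)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def stored_values_collide(hasher, password: str) -> bool:
    """True when two users choosing the same password end up with identical stored values.

    Identical stored values mean one precomputed dictionary of hashes can be
    matched against every row at once; per-user salts remove that property.
    """
    return hasher(password) == hasher(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print("stored record:", record)
    print("right password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("Tr0ub4dor&3", record))
    print("unsalted sha256 collides for equal passwords:",
          stored_values_collide(unsalted_sha256, "Password1"))
    print("salted PBKDF2 collides for equal passwords:",
          stored_values_collide(hash_password, "Password1"))
```

Verification reads the salt and iteration count back out of the stored record, so the iteration count can be raised later for new records without breaking old ones; an upgrade path is to re-hash on a successful login whenever the stored iteration count is below the current setting.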

    #80336

    Apáti László
    Participant

    Sometimes a password hash is enough for an attacker to win…
