Secure Password Hashing - Doing it Right

I confess to being confused about "salting", thinking it and hashing algorithms were one of the same I now understand they are two different things, that when done properly and combined with strong hashing algorithms (as long as inferior hashing such as MD5, SHA1, and SHA2 isn't used) can help protect passwords on web server account databases.

it turns out regarding the Linkedin breech of > 6 million passwords, the hashing used was only SHA 1 with no salting!

Here's some interesting info on how web developers should protect passwords, with lots of insight into hashing and salting techniques, and how cracking of passwords is generally done:

-https://crackstation.net/hashing-security.htm

 

some cool websites

this one hashes your password to unsalted SHA-256:

-http://hash.online-convert.com/sha256-generator

EDIT another online hash calculator with more hashing types:

-http://www.fileformat.info/tool/hash.htm

then you can copy/paste the converted hex hash into this one and attempt to crack it:

-https://crackstation.net/

*note* this is only for unsalted hashes.

 

For those that don't want to use websites to generate hashes of text, you can instead use programs such as Hash Generator.