Secure Password Hashing - Doing it Right

Discussion in 'privacy technology' started by wat0114, Jan 1, 2014.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Registered Member

    Joined: Aug 5, 2012
    Posts: 1,985
    Location: Canada

    I confess to being confused about "salting", thinking it and hashing algorithms were one and the same :oops: I now understand they are two different things that, when done properly and combined with strong hashing algorithms (as long as inferior hashing such as MD5, SHA1, and SHA2 isn't used), can help protect passwords on web server account databases.

    It turns out, regarding the LinkedIn breach of > 6 million passwords, the hashing used was only SHA 1 with no salting!

    Here's some interesting info on how web developers should protect passwords, with lots of insight into hashing and salting techniques, and how cracking of passwords is generally done:

    -https://crackstation.net/hashing-security.htm
     
  2. wat0114

    wat0114 Registered Member

    Joined: Aug 5, 2012
    Posts: 1,985
    Location: Canada

    Some cool websites :)

    This one hashes your password to unsalted SHA-256:

    -http://hash.online-convert.com/sha256-generator

    EDIT: another online hash calculator with more hashing types:

    -http://www.fileformat.info/tool/hash.htm

    Then you can copy/paste the converted hex hash into this one and attempt to crack it:

    -https://crackstation.net/

    *note* this is only for unsalted hashes.
     
    Last edited: Jan 1, 2014
  3. MrBrian

    MrBrian Registered Member

    Joined: Feb 24, 2008
    Posts: 6,032
    Location: USA

    For those that don't want to use websites to generate hashes of text, you can instead use programs such as Hash Generator.
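
Added example, not part of the original thread: it contrasts the unsalted SHA-256 hashes discussed in the posts above, which a precomputed lookup table reverses, with a per-user salted, deliberately slow hash. The use of PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware

# Constructed sample data: a tiny precomputed table of the kind lookup sites keep.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
LOOKUP = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_sha256(password: str) -> str:
    """Weak scheme: one fast hash, no salt, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup_crack(hex_digest: str) -> Optional[str]:
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return LOOKUP.get(hex_digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash. Generates a fresh random 16-byte salt unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Two users pick the same password.
    digest = unsalted_sha256("letmein")
    print("unsalted:", digest, "->", lookup_crack(digest))
    for user in ("alice", "bob"):  # hypothetical account names
        salt, key = hash_password("letmein")
        print(user, salt.hex(), key.hex(), "->", lookup_crack(key.hex()))
```

The salt is stored next to the derived key in the account database; it does not need to be secret, only unique per user.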
     