| layout | page |
|---|---|
| title | 401.14 Reading Notes |
| permalink | /401-R14/ |
- BCrypt is a codebase used for hashing passwords (Site here) that can scale in complexity, making it more viable long-term than some solutions developed when computing power was more costly
- Based on the Blowfish code developed by OpenBSD
-
Password hashing: An alternative to cleartext storage of passwords as original input characters-- the hashing process algorithmically generates a new hash (or digest). (Auth0's Tutorial Here)
-
Hashing principles:
-
Deterministic
-
Feasible to generate (practically and computationally)
-
Difficult to reverse-engineer with only the hashed value ("small" input changes have "large" output changes)
-
Best practices change with increased availability of computing power or from known security flaws
-
Some hashing methods can lead to uniform hash length despite variable input size (SHA-256 uses hexadecimal representation)
-
-
Commonly used algorithms include: SHA (Secure Hash Algorithms); MDx (Message Digest);
-
salting: The backend addition/relation of a string to a password to increase complexity. Can be done on an individual user basis. Mitigates the deterministic vulnerability of hashes.
-
Collision Attacks make use of the fact that multiple inputs can have the same hash, leading to potential validation of incorrect or harmful data.