Securing Login Credentials - SALT Tutorial
Learn how to create secure logins by properly hashing passwords and using SALT.


Published in: Technology
Transcript

  • 1. Creating A Secure Login www.prodigyview.com
  • 2. Storing A User’s Password
    Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE !!!!
  • 3. Storing Passwords in Plain Text
    On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE!
    1. If the database is hacked/stolen, users’ accounts will be at risk.
    2. The user’s information could be at risk from members of the internal organization.
  • 4. MD5 Hashing
    One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
  • 5. Problem with MD5 Hash
    MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself.
  • 6. Dictionary List and Attacks
    A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this?
  • 7. SALT!
    Salt is adding a string of text as part of the hashing process. This can prevent a basic dictionary list from being formed.
  • 8. Google the SALTed Hash
    A Google search for the salted hash will give these results. This is what we want.
  • 9. A Small Problem with SALT
    We are about to make things a little more complex. SALT is great because it is HARD to make a dictionary list, but NOT IMPOSSIBLE. The way around this problem is to find some way of making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security.
  • 10. Use Two IDs
    A user logs in with their email and password. For our salt to work, let’s add in a third login field. Make each user have their own unique pin number that is required to log in. The pin number will be the SALT.
  • 11. PHP Crypt
    PHP has a function designed for securing a user’s password. It will use the standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
  • 12. More Tutorials
    For more tutorials, please visit: http://www.prodigyview.com/tutorials
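
The dictionary-list problem from slides 5-6 and the per-user salt from slides 9-11, as an added PHP example that is not part of the original slides. The function names, the sample word list, and the use of a random salt stored beside the hash (in place of the slide's user-entered PIN) are assumptions made for illustration.

```php
<?php
// Added illustration; names and sample data are constructed, not from the slides.

// A tiny "dictionary list": unsalted MD5 hash => original password.
$dictionary = [];
foreach (['password', 'letmein', '123456'] as $word) {
    $dictionary[md5($word)] = $word;
}

// Assumption: a random per-user salt stored next to the hash.
function make_record(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 128-bit salt, different for every user
    return ['salt' => $salt, 'hash' => md5($salt . $password)];
}

function check_record(array $record, string $attempt): bool
{
    // Recompute with the stored salt; hash_equals() compares in constant time.
    return hash_equals($record['hash'], md5($record['salt'] . $attempt));
}

// crypt() as on slide 11, configured for bcrypt instead of DES.
function crypt_record(string $password): string
{
    // 22 salt characters from the alphabet ./0-9A-Za-z; cost 10.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, '$2y$10$' . $salt);
}

$unsalted = md5('letmein');
$alice = make_record('letmein');
$bob = make_record('letmein');
$stored = crypt_record('letmein');

$checks = [
    'unsalted hash found in dictionary' => isset($dictionary[$unsalted]),
    'salted hash found in dictionary' => isset($dictionary[$alice['hash']]),
    'same password, same stored hash' => $alice['hash'] === $bob['hash'],
    'salted login with right password' => check_record($alice, 'letmein'),
    'salted login with wrong password' => check_record($alice, 'letmein1'),
    'crypt() login with right password' => hash_equals($stored, crypt('letmein', $stored)),
];
foreach ($checks as $label => $result) {
    echo str_pad($label, 36), $result ? 'yes' : 'no', PHP_EOL;
}
```

The salted md5() records defeat the precomputed list but are still fast to compute per guess; the crypt() bcrypt form adds a tunable cost factor on top of the salt.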
