Securing Login Credentials - SALT Tutorial

Learn how to create secure logins by properly hashing passwords and using SALT.

Securing Login Credentials - SALT Tutorial Presentation Transcript

  • 1. Creating A Secure Login www.prodigyview.com
  • 2. Storing A User’s Password
    Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE!!!!
  • 3. Storing Passwords in Plain Text
    On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE!
    1. If the database is hacked/stolen, users’ accounts will be at risk.
    2. The user’s information could be at risk from members of the internal organization.
  • 4. MD5 Hashing
    One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
  • 5. Problem with MD5 Hash
    MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself.
  • 6. Dictionary List and Attacks
    A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this?
  • 7. SALT!
    Salt is adding a string of text as part of the encryption process. This can prevent a basic dictionary list from being formed.
  • 8. Google the SALTed Hash
    A Google search for the salted hash will give these results. This is what we want.
  • 9. A Small Problem with SALT
    We are about to make things a little more complex. SALT is great because it is HARD to make a dictionary list, but NOT IMPOSSIBLE. The way around this problem is to find some way of making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security.
  • 10. Use Two IDs
    A user logs in with their email and password. For our salt to work, let’s add in a third login field. Make each user have their own unique pin number that is required to login. The pin number will be the SALT.
  • 11. PHP Crypt
    PHP has a function designed for securing a user’s password. It will use the standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
  • 12. More Tutorials
    For more tutorials, please visit: http://www.prodigyview.com/tutorials
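
The progression on slides 4 to 11, as an added example that is not from the original slides: an unsalted MD5 dictionary lookup, a single site-wide salt, and a per-user salt stored through PHP's crypt(). The account names, passwords, word list and site salt are constructed, and a random salt stands in for the PIN from slide 10.

```php
<?php
// Added example; account names, passwords and the site-wide salt are constructed.
// Slides 5-6: a dictionary list maps each hash back to the string that produced it.
function build_dictionary(array $words, string $salt = ''): array {
    $table = [];
    foreach ($words as $word) {
        $table[md5($salt . $word)] = $word;
    }
    return $table;
}

// Slide 9: a unique salt per user. Assumption: a random salt is used here instead
// of the PIN from slide 10. "$2y$10$" makes crypt() use bcrypt at cost 10, which
// takes 22 salt characters from the alphabet ./0-9A-Za-z.
function store_password(string $password): string {
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, '$2y$10$' . $salt);
}

// crypt() reads the algorithm, cost and salt back out of the stored string.
function check_password(string $input, string $stored): bool {
    return hash_equals($stored, crypt($input, $stored));
}

$common = ['123456', 'password', 'letmein'];
$users  = ['alice' => 'letmein', 'bob' => 'letmein'];

// Unsalted MD5: identical hashes for both users, both found in the list.
$plainList = build_dictionary($common);
foreach ($users as $name => $pw) {
    printf("md5        %-5s %s -> %s\n", $name, md5($pw), $plainList[md5($pw)] ?? 'not found');
}

// One site-wide salt: the public list misses, but one list rebuilt with the
// salt still covers every user.
$siteSalt   = 'S1teW1de';
$saltedList = build_dictionary($common, $siteSalt);
foreach ($users as $name => $pw) {
    $hash = md5($siteSalt . $pw);
    printf("site salt  %-5s public: %s, rebuilt: %s\n", $name,
        $plainList[$hash] ?? 'not found', $saltedList[$hash] ?? 'not found');
}

// Per-user salt: same password, different stored strings for each account.
foreach ($users as $name => $pw) {
    $stored = store_password($pw);
    printf("crypt      %-5s %s ok=%s wrong=%s\n", $name, $stored,
        var_export(check_password($pw, $stored), true),
        var_export(check_password('123456', $stored), true));
}
```

Because crypt() embeds the salt in its return value, only that one string has to be stored per user; no separate salt column or extra login field is needed.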