Password hash, store, profit - Passwords13

by Web Security, Performance & PHP Junkie Pushing Limits at Slevomat on Sep 07, 2013

Why is proper password hashing essential in protecting your users? And what is proper hashing, anyway?

I was speaking at Passwords13 in Las Vegas, USA, a conference focused only on passwords and PIN codes, about various ways of storing users' passwords in a database. I was the first web developer ever to speak at this conference.

I also presented one real-world example using a dumped dataset with several hundred hashed passwords from a small local (Czech) online shop for a major clothing brand. I demonstrated that it's possible to take over a user's mailbox (including a gmail.com mailbox with additional protection) by cracking passwords from this dataset simply by using an online cracking tool. That is a few dozen active mailboxes in several minutes with just a browser. I presented some stats gathered while working with this dataset – how many passwords were successfully cracked by this online tool and how many were additionally cracked using a tool called hashcat on a regular laptop. I recommended better hashing algorithms than just plain SHA-1, like scrypt and bcrypt. As a bonus I added a few tips, like: don't send passwords by email.

http://www.michalspacek.cz/prednasky/hash-store-profit-passwords
http://www.youtube.com/watch?v=5RX-qUQ0iN4
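The point of the talk in working code, as an added example that is not from the slides and not the speaker's own code: a constructed dump of unsalted SHA-1 hashes is attacked with a single lookup table built from a wordlist (which is all an online cracking service does), and the same passwords are then stored with salted scrypt from Python's standard hashlib, where every guess against every user costs a full memory-hard evaluation. The wordlist, the example.com accounts, the SCRYPT_* parameters and the `scrypt$n$r$p$salt$hash` storage string are all assumptions made for this example; the real dataset from the talk is not reproduced.

```python
"""Plain SHA-1 versus salted scrypt for stored passwords (added example)."""
import base64
import hashlib
import hmac
import os

# Constructed wordlist for this example; a real attack uses millions of words.
WORDLIST = ["password", "123456", "letmein", "qwerty", "hokej", "fotbal"]


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: the scheme the talk argues against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed "leaked" table, email -> plain SHA-1. Two users chose wordlist passwords.
LEAKED_SHA1 = {
    "alice@example.com": sha1_hex("123456"),
    "bob@example.com": sha1_hex("letmein"),
    "carol@example.com": sha1_hex("Tr0ub4dor&3-not-in-list"),
}


def crack_sha1(dump: dict, wordlist: list) -> dict:
    """One SHA-1 per candidate word cracks every user sharing that password.
    Without a salt the whole dump is attacked at once through a lookup table,
    which is exactly what an online SHA-1 "decrypter" is."""
    table = {sha1_hex(word): word for word in wordlist}
    return {user: table[digest] for user, digest in dump.items() if digest in table}


# Assumed parameters for this example: 2**14 * 8 * 128 bytes = 16 MiB per evaluation.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def scrypt_hash(password: str, salt: bytes = b"") -> str:
    """Salted scrypt, stored as a self-describing string (format chosen here)."""
    salt = salt or os.urandom(16)  # a fresh random salt per user
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${b64(salt)}${b64(digest)}"


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    _, n, r, p, salt_b64, digest_b64 = stored.split("$")
    digest = hashlib.scrypt(password.encode("utf-8"), salt=base64.b64decode(salt_b64),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest, base64.b64decode(digest_b64))


def crack_scrypt(dump: dict, wordlist: list) -> tuple:
    """Per-user salts defeat the lookup table: every (user, word) pair costs a
    full scrypt evaluation. Returns the cracked users and the evaluation count,
    so the work can be compared with the single pass crack_sha1 needed."""
    cracked, evaluations = {}, 0
    for user, stored in dump.items():
        for word in wordlist:
            evaluations += 1
            if scrypt_verify(word, stored):
                cracked[user] = word
                break
    return cracked, evaluations


if __name__ == "__main__":
    print("SHA-1 dump cracked with one table:", crack_sha1(LEAKED_SHA1, WORDLIST))
    plaintexts = {"alice@example.com": "123456", "bob@example.com": "letmein",
                  "carol@example.com": "Tr0ub4dor&3-not-in-list"}
    scrypt_dump = {user: scrypt_hash(pw) for user, pw in plaintexts.items()}
    cracked, evaluations = crack_scrypt(scrypt_dump, WORDLIST)
    print("scrypt dump cracked:", cracked, "after", evaluations, "evaluations")
```

Weak passwords still fall to scrypt, as the output shows; what changes is the cost per guess and the loss of the shared lookup table, so a several-hundred-user dump no longer cracks "in several minutes with just a browser". bcrypt, the other algorithm the talk recommends, is not in the Python standard library; in PHP, which the speaker works in, `password_hash()` (PHP 5.5+) gives bcrypt with a random salt and `password_verify()` the constant-time check.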
