- Before talking about "salt", we need to cover a few things.
What is cryptography?
- Cryptography is the science of protecting information by transforming it into a secure format. ... An example of basic cryptography is an encrypted message in which letters are replaced with other characters. To decode the encrypted contents, you would need a grid or table that defines how the letters are transposed.
How do they crack passwords?
- Generally, when we set a password it is converted to a hash, and when we attempt to log in again, the password we enter is hashed and compared with the hash stored in the database.
- Here, hashing is a one-way process, so we cannot turn a hash back into plain text.
- So when someone hacks the database they get only hashes, which are generally of no direct use to them.
- Hashes are so unique that when we change a single character in the password, the whole hash changes.
- So to guess the password behind a hash, attackers use many methods. Some are:
- Some websites guess a hash by comparing it with 800 billion hashes. These websites use the rainbow table method.
- Brute Force Attack: A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. The longer the password, the more combinations that will need to be tested. A brute force attack can be time-consuming, difficult to perform if methods such as data obfuscation are used, and at times downright impossible. However, if the password is weak it could merely take seconds with hardly any effort. Weak passwords are like shooting fish in a barrel for attackers, which is why all organizations should enforce a strong password policy across all users and systems.
- A dictionary attack is a type of brute force attack.
Now, what are salts?
- Salts make each hashed password unique, even when two users choose the same password. Salts help us mitigate rainbow table attacks by forcing attackers to re-compute the tables using the salts.
- They are short, random strings of characters that are appended to passwords before they are hashed.
- Ex: Password: Fullbuster
So the input to the hash is: FullbusterZ%!#p
The line above is what gets converted to a hash.
- Users don't even know that hashes are used.
- So it makes a brute force attack difficult and also makes each password unique.
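The salting scheme described above, as an added example (not code from the original post): two users with the same password get different stored hashes, and a precomputed table of unsalted hashes no longer matches them. SHA-256, the 16-byte salt and all function names are assumptions chosen for illustration; real systems use a deliberately slow password-hashing function such as bcrypt or Argon2.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Append the salt to the password, then hash (the scheme described above)."""
    return hashlib.sha256(password.encode() + salt).hexdigest()

def new_record(password: str) -> dict:
    """What the database stores: a fresh random salt per user plus the hash."""
    salt = os.urandom(16)  # assumption: 16 random bytes per user
    return {"salt": salt, "hash": salted_hash(password, salt)}

def verify(password: str, record: dict) -> bool:
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    candidate = salted_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def found_in_table(stored_hash: str, table: dict) -> bool:
    """True if a precomputed hash -> password table contains this hash."""
    return stored_hash in table

# Constructed sample: a tiny precomputed table of unsalted hashes.
PRECOMPUTED = {unsalted_hash(p): p for p in ("123456", "Fullbuster", "qwerty")}

if __name__ == "__main__":
    alice, bob = new_record("Fullbuster"), new_record("Fullbuster")
    same = unsalted_hash("Fullbuster") == unsalted_hash("Fullbuster")
    print("unsalted hashes equal:", same)
    print("salted hashes equal:  ", alice["hash"] == bob["hash"])
    print("unsalted hash in table:",
          found_in_table(unsalted_hash("Fullbuster"), PRECOMPUTED))
    print("salted hash in table:  ", found_in_table(alice["hash"], PRECOMPUTED))
    print("correct login:", verify("Fullbuster", alice))
    print("wrong password:", verify("fullbuster", alice))
```

The salt is stored next to the hash in plain form; it does not need to be secret, only unique per user.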
For more content visit my webpage mdfahadh.xyz