SlideShare uma empresa Scribd logo

Securing Login Credentials - SALT Tutorial

Transferir como PPTX, PDF
ProdigyView
ProdigyView

Learn how to create secure logins by properly hashing passwords and using SALT.

Tecnologia
1 de 12
Creating A Secure Login www.prodigyview.com
Storing A User’s Password Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE !!!! www.prodigyview.com
Storing Passwords in Plain Text On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE! 1. If the database is hacked/stolen, users account will be at risk. 2. The user’s information could be at risk from members of the internal organization
MD5 Hashing One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
Problem with MD5 Hash MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself. www.prodigyview.com
Dictionary List and Attacks A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this? www.prodigyview.com
SALT! Salt is adding a string of text as part of the encryption process. This can prevent basic dictionary list from being formed.
Google the SALTed Hash A Google search for the salted hash will give these results. This is what we want. www.prodigyview.com
A Small Problem with SALT We are about to make things a little more complex. SALT is great because is HARD to make a dictionary list but NOT IMPOSSIBLE. The way around this problem to find some way making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security. www.prodigyview.com
Use Two IDs A user login’s with their email and password. For our salt to work, lets add in a third login field. Make each user have their own unique pin number that is required to login. The pin number will be the SALT.
PHP Crypt PHP has a function design for securing a user’s password. It will use standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials www.prodigyview.com

Recomendados

Data validation in web applications
Data validation in web applicationsData validation in web applications
Data validation in web applicationssrkirkland
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Installing Plug-ins
Installing Plug-insInstalling Plug-ins
Installing Plug-insProdigyView
 
Building An Application
Building An ApplicationBuilding An Application
Building An ApplicationProdigyView
 
Installing Applications
Installing ApplicationsInstalling Applications
Installing ApplicationsProdigyView
 
Video Content Management
Video Content ManagementVideo Content Management
Video Content ManagementProdigyView
 
Audio Content Management
Audio Content ManagementAudio Content Management
Audio Content ManagementProdigyView
 
File Content Management
File Content ManagementFile Content Management
File Content ManagementProdigyView
 

Recomendados

Data validation in web applications
Data validation in web applicationsData validation in web applications
Data validation in web applicationssrkirkland
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Installing Plug-ins
Installing Plug-insInstalling Plug-ins
Installing Plug-insProdigyView
 
Building An Application
Building An ApplicationBuilding An Application
Building An ApplicationProdigyView
 
Installing Applications
Installing ApplicationsInstalling Applications
Installing ApplicationsProdigyView
 
Video Content Management
Video Content ManagementVideo Content Management
Video Content ManagementProdigyView
 
Audio Content Management
Audio Content ManagementAudio Content Management
Audio Content ManagementProdigyView
 
File Content Management
File Content ManagementFile Content Management
File Content ManagementProdigyView
 
Email Configuration
Email ConfigurationEmail Configuration
Email ConfigurationProdigyView
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialProdigyView
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms TutorialProdigyView
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags TutorialProdigyView
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHPProdigyView
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHPProdigyView
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyViewProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHPProdigyView
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPProdigyView
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web CacheProdigyView
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS LibrariesProdigyView
 
PHP Libraries
PHP LibrariesPHP Libraries
PHP LibrariesProdigyView
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements TutorialProdigyView
 
Database Basics
Database BasicsDatabase Basics
Database BasicsProdigyView
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design PatternProdigyView
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design PatternProdigyView
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHPProdigyView
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search QueryProdigyView
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyView
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2ProdigyView
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Mais conteúdo relacionado

Mais de ProdigyView

Email Configuration
Email ConfigurationEmail Configuration
Email ConfigurationProdigyView
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialProdigyView
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms TutorialProdigyView
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags TutorialProdigyView
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHPProdigyView
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHPProdigyView
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyViewProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHPProdigyView
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPProdigyView
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web CacheProdigyView
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS LibrariesProdigyView
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements TutorialProdigyView
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design PatternProdigyView
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design PatternProdigyView
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHPProdigyView
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search QueryProdigyView
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyView
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2ProdigyView
 

Mais de ProdigyView (20)

Email Configuration
Email ConfigurationEmail Configuration
Email Configuration
 
HTML5 Tags and Elements Tutorial
HTML5 Tags and Elements TutorialHTML5 Tags and Elements Tutorial
HTML5 Tags and Elements Tutorial
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms Tutorial
 
Html Tags Tutorial
Html Tags TutorialHtml Tags Tutorial
Html Tags Tutorial
 
Video Conversion PHP
Video Conversion PHPVideo Conversion PHP
Video Conversion PHP
 
Sending Email Basics PHP
Sending Email Basics PHPSending Email Basics PHP
Sending Email Basics PHP
 
Tools ProdigyView
Tools ProdigyViewTools ProdigyView
Tools ProdigyView
 
Custom Validation PHP
Custom Validation PHPCustom Validation PHP
Custom Validation PHP
 
Basic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHPBasic File Cache Tutorial - PHP
Basic File Cache Tutorial - PHP
 
Understanding Web Cache
Understanding Web CacheUnderstanding Web Cache
Understanding Web Cache
 
Javascript And CSS Libraries
Javascript And CSS LibrariesJavascript And CSS Libraries
Javascript And CSS Libraries
 
PHP Libraries
PHP LibrariesPHP Libraries
PHP Libraries
 
SQL Prepared Statements Tutorial
SQL Prepared Statements TutorialSQL Prepared Statements Tutorial
SQL Prepared Statements Tutorial
 
Database Basics
Database BasicsDatabase Basics
Database Basics
 
Implementing the Adapter Design Pattern
Implementing the Adapter Design PatternImplementing the Adapter Design Pattern
Implementing the Adapter Design Pattern
 
Intercepting Filters Design Pattern
Intercepting Filters Design PatternIntercepting Filters Design Pattern
Intercepting Filters Design Pattern
 
Creating Dynamic Objects PHP
Creating Dynamic Objects PHPCreating Dynamic Objects PHP
Creating Dynamic Objects PHP
 
PV Standard Search Query
PV Standard Search QueryPV Standard Search Query
PV Standard Search Query
 
Prodigyview XML COnfiguration File
Prodigyview XML COnfiguration FileProdigyview XML COnfiguration File
Prodigyview XML COnfiguration File
 
Learning PHP Basics Part 2
Learning PHP Basics Part 2Learning PHP Basics Part 2
Learning PHP Basics Part 2
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Securing Login Credentials - SALT Tutorial

  • 1. Creating A Secure Login www.prodigyview.com
  • 2. Storing A User’s Password Standard issue for having access to a site is a user’s password with an association to a username or email address. BAD PRACTICE !!!! www.prodigyview.com
  • 3. Storing Passwords in Plain Text On the previous slide, the password was in plain text. THIS IS VERY BAD PRACTICE! 1. If the database is hacked/stolen, users account will be at risk. 2. The user’s information could be at risk from members of the internal organization
  • 4. MD5 Hashing One answer to solving the problem is MD5 hashing. Before the password is actually inserted in the database, hash it with md5.
  • 5. Problem with MD5 Hash MD5 hashing is great, except for one small problem. There is a dictionary list of md5 hashes. Just Google the hashed code and see for yourself. www.prodigyview.com
  • 6. Dictionary List and Attacks A dictionary list is a library of hashed values and their corresponding unhashed strings. In other words, it’s a way of decoding md5 hashed passwords. A dictionary list can be built using other hashing algorithms such as sha1(). How do we get around this? www.prodigyview.com
  • 7. SALT! Salt is adding a string of text as part of the encryption process. This can prevent basic dictionary list from being formed.
  • 8. Google the SALTed Hash A Google search for the salted hash will give these results. This is what we want. www.prodigyview.com
  • 9. A Small Problem with SALT We are about to make things a little more complex. SALT is great because is HARD to make a dictionary list but NOT IMPOSSIBLE. The way around this problem to find some way making a unique SALT for each user. Our next slide is one of many ways of making a unique SALT for extra security. www.prodigyview.com
  • 10. Use Two IDs A user login’s with their email and password. For our salt to work, lets add in a third login field. Make each user have their own unique pin number that is required to login. The pin number will be the SALT.
  • 11. PHP Crypt PHP has a function design for securing a user’s password. It will use standard Unix DES algorithm but can be configured to use others. The function also supports SALT. http://php.net/manual/en/function.crypt.php
  • 12. More Tutorials For more tutorials, please visit: http://www.prodigyview.com/tutorials www.prodigyview.com