Question

Why is it not good to directly store the hash of password in a file? How can the use of salt enhance password security?

Solutions

Expert Solution

“Hashing” passwords is the common approach to storing passwords securely. A “Hash” is a one-way function that generates a representation of the password. So when a user signs up for an account and they choose a password, the password is stored as the generated hash, rather than the actual characters that the user typed in.

Unfortunately, hashing a password is not nearly enough. It does not take very much computational power to generate a table of hashes of combinations of letters, numbers and symbols. Once you have this store of hashes, you can then compare the hash you want to crack and see if it matches. Once you find a match, you know the password.

In order to make it more difficult to expose a hash, you also need to salt it. Salting is where you add an extra bit of data to the password before you hash it.

Salting is important because it adds a whole new level of required computational power in order to expose the hash. By adding a salt, you effectively render any lookup table useless. Hashing a password is not 100% secure as hashing alone is not that difficult to break. When you add a salt to the hash, you make it much more difficult to crack.
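The difference described in the answer above, as an added example that is not part of the original solution: one precomputed table matches every unsalted record, while per-user salted records for the same password differ from each other and match nothing in the table. The candidate list, function names, PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration; the answer itself only speaks of a hash and a salt.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidate passwords someone could hash in advance.
COMMON = ["123456", "password", "letmein", "qwerty"]

def unsalted_hash(password):
    """Plain hash with no salt: identical passwords give identical output."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against every unsalted record."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password, salt=None, iterations=200_000):
    """Return (salt, iterations, key); a fresh random salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def table_hits(table, stored_values):
    """Count how many stored values appear in the precomputed table."""
    return sum(1 for value in stored_values if value in table)

if __name__ == "__main__":
    table = build_lookup_table(COMMON)
    # Two users who happened to choose the same password.
    unsalted = [unsalted_hash("letmein"), unsalted_hash("letmein")]
    salted = [salted_record("letmein"), salted_record("letmein")]
    print("unsalted records identical:", unsalted[0] == unsalted[1])
    print("unsalted records found in table:", table_hits(table, unsalted))
    print("salted records identical:", salted[0][2] == salted[1][2])
    print("salted records found in table:",
          table_hits(table, [rec[2].hex() for rec in salted]))
    print("correct password verifies:", verify("letmein", salted[0]))
    print("wrong password verifies:", verify("letmein1", salted[0]))
```

The salt is stored next to the derived key because verification needs it; it does not have to be secret, only unique per record.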

