Why is it not good to directly store the hash of password in a file? How...

Why is it not good to directly store the hash of password in a file? How can the use of salt enhance password security?

Expert Solution

“Hashing” passwords is the common approach to storing passwords securely. A “Hash” is a one-way function that generates a representation of the password. So when a user signs up for an account and they choose a password, the password is stored as the generated hash, rather than the actual characters that the user typed in.

Unfortunately, hashing a password is not nearly enough. It does not take very much computational power to generate a table of hashes of combinations of letters, numbers and symbols. Once you have this store of hashes, you can then compare the hash you want to crack and see if it matches. Once you find a match, you know the password.

In order to make it more difficult to expose a hash, you also need to salt it. Salting is where you add an extra bit of data to the password before you hash it.

Salting is important because it adds a whole new level of required computational power in order to expose the hash. By adding a salt, you effectively render any lookup table useless. Hashing a password is not 100% secure as hashing alone is not that difficult to break. When you add a salt to the hash, you make it much more difficult to crack.

Colby Messinger answered 1 year ago

Are hash algorithms (such as MD5 and SHA1) are as good as they appear to be?...

Are hash algorithms (such as MD5 and SHA1) are as good as they appear to be? Why or why not?

What is the hash value of a file, and what does it mean if two files...

What is the hash value of a file, and what does it mean if two files have the same hash value?

C++ only please Description A hash table is a data structure that is used to store...

C++ only please Description A hash table is a data structure that is used to store keys/value pairs. It is perfect to use when you have a large amount of directory-type information and the operations you need to perform are to insert, delete, print, and search. I am giving you all a lot more freedom in this program in that the value held in your hash table can be a pointer to any object created from your own custom class....

When using secure hash functions in an RSA signature, why do we sign the hash Sign...

When using secure hash functions in an RSA signature, why do we sign the hash Sign (H (m)) instead of taking the take the hash H (Sign (m)) ?

How to read a text file and store the elements into a linked list in java?...

How to read a text file and store the elements into a linked list in java? Example of a text file: CS100, Intro to CS, John Smith, 37, 100.00 CS200, Java Programming, Susan Smith, 35, 200.00 CS300, Data Structures, Ahmed Suad, 41, 150.50 CS400, Analysis of Algorithms, Yapsiong Chen, 70, 220.50 and print them out in this format: Course: CS100 Title: Intro to CS Author: Name = John Smith, Age = 37 Price: 100.0. And also to print out the...

You want to create a good hash function. Which of these properties is the least important...

You want to create a good hash function. Which of these properties is the least important for your hash function to have? Let's say you want to store a collection of unique elements. You would like to be able to search, insert, delete as fast as possible. Which data structure should you use? Let's say you want your hash table to allow load factors greater than 1. You would use:

1-If attackers are able to get their hands on a password file, where all the passwords...

1-If attackers are able to get their hands on a password file, where all the passwords are hashed and salted, what would be their best approach to obtain at least one of these password? Here an example of the first two lines of a generic password file: HASH (SHA-256) SALT 1138275656b8e5d8f48a98c3c92df27e6fbfe24a750e72930c220a8e2caba935 535788591 ee65ef498fb368a2dfd38b40f0ee75c05963cd9da6e5f014118c7d9747fcc97f4 778035290 2-Play-Doh™ (Links to an external site.) has been used to get access to systems that used fingerprinting as access control (yup, and it worked 90% of...

Briefly describe how to use a keyed hash.

how to md5 hash Allayah using openssl?

Write a shell script that will create a new password-type file that contains user information. The...

Write a shell script that will create a new password-type file that contains user information. The file should contain information about the last five users added to the system with each line describing a single user. This information is contained in the last five lines of both the /etc/shadow and the /etc/passwd files. Specifically, you should produce a file where each line for a user contains the following fields: user name, encrypted password, and shell. The fields should be separated...

Question