Friday, October 28, 2016

Always make sure to salt your hash

You may be wondering what the connection between the words hash, salt, rainbow tables, and dictionary is.  The answer? Cybersecurity.  Each of these terms plays a crucial role in the complex game of keeping user passwords safe.  Every database that stores passwords is liable to be compromised by malicious crackers, so computer scientists have needed to devise different ways to make sure our passwords and usernames remain safe.

Simply put, our passwords are not stored as our passwords.  To use a common password as an example, ‘letmein’ would not be stored in the database exactly as the string ‘letmein’.  Instead, encrypting algorithms change your password into an unintelligible combination of characters.  However, there are two forms of encryption. 

The first method is a two-way encryption using a key.  The password is changed into an unintelligible representation using a defined key.  However, if someone can get their hands on the key, they can easily crack all of the encrypted passwords.  As a result, encrypting passwords leaves them completely vulnerable to being compromised by someone with the key.  Yet, two-way encryption has a valid use in message transmission.  You provide the recipient with the key and the encrypted message, and they can subsequently decode it.

The second method is called hashing.  Hashing does not require a key, and is thus referred to as one-way.  Instead of using a key, hashing converts a string of arbitrary length into a string of a fixed size.  It is infeasible to invert the hashed code back into a readable message.  As a result, it is used to store passwords in databases, since even if a cracker had access to the hashed passwords, they would not be able to convert them back into readable passwords.  In addition, random input, or ‘salt’, is concatenated onto the password before it is hashed, for extra security.

Hashing maps arbitrary length strings onto a fixed length string. 
A rainbow table is one mode of attack on hashed passwords.  Rainbow tables use a pre-computed table of values to try to reverse a hash, as opposed to dictionary attacks, which go sequentially through a dictionary of likely passwords and hash each one in brute-force fashion.  Because only a reduced set of values needs to be stored, the table puts less of a burden on the computer’s storage.  Luckily, salting the hash renders even rainbow tables infeasible.
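The contrast the post draws, as an added example (not code from the original post): a precomputed table of plain SHA-256 digests reverses an unsalted hash of ‘letmein’ in a single lookup, while a per-user random salt concatenated onto the password makes that same table useless and gives two users with the same password different digests.  The table contents, the 16-byte salt length and the single SHA-256 round are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed "cracker's table": plain SHA-256 of a few common passwords,
# standing in for a precomputed rainbow table or dictionary (assumption).
COMMON_PASSWORDS = ["letmein", "password", "123456"]

def unsalted_hash(password: str) -> str:
    """Hash the password alone: identical passwords give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}

def lookup(stored_hash: str):
    """One table lookup: the password if its digest was precomputed, else None."""
    return PRECOMPUTED.get(stored_hash)

def salted_hash(password: str, salt: bytes) -> str:
    """Concatenate the salt onto the password, then hash, as the post describes."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def store_password(password: str):
    """Record for a new user: a fresh random 16-byte salt plus the salted digest."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)

def verify_password(candidate: str, salt: bytes, stored_hash: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(candidate, salt), stored_hash)

def demo() -> dict:
    """What the cracker's table can and cannot do with the password 'letmein'."""
    unsalted = unsalted_hash("letmein")
    salt_a, hash_a = store_password("letmein")
    salt_b, hash_b = store_password("letmein")
    return {
        "unsalted_reversed": lookup(unsalted),          # 'letmein': table hit
        "salted_reversed": lookup(hash_a),              # None: salt defeats the table
        "same_password_same_digest": hash_a == hash_b,  # False: per-user salts differ
        "login_ok": verify_password("letmein", salt_a, hash_a),    # True
        "login_bad": verify_password("password", salt_a, hash_a),  # False
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A single SHA-256 round is used only to mirror the post; real password storage should use a deliberately slow password hash such as PBKDF2, bcrypt, scrypt or Argon2, which still takes a per-user salt.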
In the technical world of today, both corporate and personal data need to be kept safe for the sake of societal stability— cryptography is the key.

