August 2018
Beginner
594 pages
22h 33m
English
As we learned in the Cryptographic hash functions section earlier in this chapter, cryptographic hash functions are one-way functions with no practical way of reversing the hash back to the original value. This characteristic makes them useful for password storage. It is imperative, though, that you select a cryptographic hash function that is not broken (that is, one that does not have any known collisions).
As part of user registration, the password is hashed. When a user logs on, they enter their password in plaintext, which is hashed and compared with the stored hash value. However, hashing alone is not sufficient for storing passwords. A dictionary attack can be executed to guess a password by comparing it with a pre-compiled list. ...
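The registration and logon flow described above, as an added Python example that is not from the book: it stores a plain SHA-256 digest, shows that such a digest is matched by a table built from a pre-compiled password list, and contrasts it with a per-user salted PBKDF2 record. The password list, the function names, and the choice of salted PBKDF2 as the hardened form are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a "pre-compiled list".
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]

def register_plain(password):
    """Registration with hashing alone: store only the SHA-256 digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def login_plain(stored, attempt):
    """Logon: hash the submitted password and compare with the stored digest."""
    return hmac.compare_digest(stored, register_plain(attempt))

def found_in_precompiled_list(stored):
    """Audit check: does the stored digest appear in a table of hashed
    common passwords? Unsalted digests are identical for every user who
    picks the same password, so one table covers the whole user base."""
    table = {register_plain(p) for p in COMMON_PASSWORDS}
    return stored in table

def register_salted(password, iterations=600_000):
    """Hardened form (assumption, not from the excerpt): a random per-user
    salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations

def login_salted(record, attempt):
    """Recompute with the stored salt and iteration count, then compare
    in constant time."""
    salt, digest, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, iterations)
    return hmac.compare_digest(digest, candidate)

if __name__ == "__main__":
    weak = register_plain("letmein")
    print("plain digest in pre-compiled table:", found_in_precompiled_list(weak))
    alice = register_salted("letmein")
    bob = register_salted("letmein")
    print("same password, same salted digest:", alice[1] == bob[1])
    print("salted logon succeeds:", login_salted(alice, "letmein"))
```

With the salted records, two users who choose the same password no longer share a stored value, so a single pre-computed table cannot be reused across accounts.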