Java

PASSWORD SALTING


To protect stored passwords, a salt is added to the hashing process to make each hash unique, to increase its complexity without placing extra requirements on users, and to mitigate password attacks such as rainbow tables.

There are various ways to secure passwords. The most widely used are cryptographic hash functions, which implement hashing. Hashing is the process of adding some kind of text to an existing password and thereby changing the size and format of the password being stored. SHA256, SHA512, RIPEMD, MD5, and WHIRLPOOL are cryptographic hash functions used for this purpose. Different hash functions exist for different purposes; hashing can also be used to implement data structure functionality.

It is often assumed that using a cryptographic hash function alone will protect users' passwords. This is far from the truth: there are many ways to recover passwords from plain hashes very quickly. There are, however, several easy-to-implement techniques that make these “attacks” much less effective. Encoding and decoding techniques can also be used to secure passwords; Base64 encoding is one example. Any hashing technique can be used to protect data; which one is used depends on who is implementing it.

A cryptographically secure pseudo-random number generator (CSPRNG) is required: it must produce statistically random numbers that hold up against attack. In some highly secure applications, special hardware is used to produce true random numbers from a physical process such as microphone noise or the nuclear decay of a radioactive source. After the random number, called the salt value, has been generated, it must be combined with the plaintext password to produce a salted hash. To produce a salted hash, use the salt value as a prefix to the plaintext, or append it to the plaintext, before calculating the hash.

The Base64Encoder flow works as follows. When the user enters their password, a random key (the salt), generated by a trusted random function, is added to the password, and the result is encoded using Base64 or any other hash function. The encoded password is saved in the database. The next time the user tries to log in, the password entered in the password field is combined with the key that is already stored in the database. The newly entered password is encoded again using Base64 and checked against the previously saved salted password. If both are the same, access is granted; otherwise permission is denied. In this way the passwords are safe from outside interference.

Password salting is the process of securing password hashes from what is called a rainbow table attack. The problem with unsalted passwords is that they have no property that is unique to themselves: if someone had a precomputed rainbow table of common password hashes, they could easily compare it against a database and see who had used which common password. A rainbow table is a pre-generated mapping of hash inputs to outputs, used to look up an input quickly from its hash. A rainbow table attack is only possible because the output of a hash function is always the same for the same input.
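The store-and-verify flow described above (CSPRNG salt, salt prefixed to the password, hash, Base64 for storage), as an added Java example that is not part of the original post. It assumes SHA-256 as the hash, a 16-byte salt from SecureRandom, and a constructed `base64(salt)$base64(hash)` record layout; the class and method names are the example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedHashDemo {
    private static final SecureRandom RNG = new SecureRandom(); // CSPRNG, as the text requires
    private static final int SALT_BYTES = 16;                    // assumed salt length
    // Generate a fresh random salt for every password that is stored.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return salt;
    }
    // Hash salt || password with SHA-256 (salt used as a prefix, as the text describes).
    static byte[] saltedHash(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(new String(password).getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }
    // Stored record: base64(salt) + "$" + base64(hash); the salt is kept beside the hash.
    static String store(char[] password) throws NoSuchAlgorithmException {
        byte[] salt = newSalt();
        byte[] hash = saltedHash(salt, password);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }
    // Login check: recover the stored salt, recompute the hash, compare in constant time.
    static boolean verify(String record, char[] attempt) throws NoSuchAlgorithmException {
        String[] parts = record.split("\\$", 2); // '$' never appears in standard Base64 output
        if (parts.length != 2) return false;
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[0]);
        byte[] expected = dec.decode(parts[1]);
        byte[] actual = saltedHash(salt, attempt);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }
    public static void main(String[] args) throws NoSuchAlgorithmException {
        char[] pw = "correct horse battery staple".toCharArray(); // constructed sample password
        String rec1 = store(pw);
        String rec2 = store(pw);
        // Same password, different salts: the stored records differ, so a rainbow table built
        // for one salt is useless for the other.
        System.out.println("records differ: " + !rec1.equals(rec2));
        System.out.println("correct password accepted: " + verify(rec1, pw));
        System.out.println("wrong password rejected: " + !verify(rec1, "wrong".toCharArray()));
    }
}
```

A single SHA-256 round is used here to mirror the construction the text describes; for a production login system a deliberately slow password hash (for example PBKDF2 through `javax.crypto.SecretKeyFactory`) with the same salt-per-user scheme is the usual choice.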

Author: STEPS
