Keeping passwords safe by staying up to date
The text discusses various methods of storing passwords and their security implications. It begins with plain-text storage, which is highly insecure because hackers can easily access all accounts if the database is compromised. Encrypted or hashed passwords offer slightly better security but are still vulnerable to attacks. Hashing with a cryptographic hash function like SHA-1 provides more protection, but the hashes can be cracked using precomputed rainbow tables. Adding a salt (a random string of characters) makes the hash unique for each user and renders rainbow tables useless. However, as computing power increases, even salted hashes become vulnerable to cracking. To address this issue, slow hash functions like bcrypt have been developed, which can be made slower over time to keep pace with faster computers. The text emphasizes the importance of regular security reviews and of choosing long, complex passwords for better protection against hackers.
Company: Cloudflare
Date published: June 17, 2012
Author(s): John Graham-Cumming
Word count: 1392
Hacker News points: None found.
Language: English