Tuesday, 30 December 2014

How Do Passwords Work

Hello, Friends

Today I am going to tell you how your password is stored on the Internet.

There are a number of ways a site can store your password, and some are considerably more secure than others.

Method One: Plain Text Passwords

How It Works: The simplest way a site can store your password is in plain text. That means somewhere on their server there is a database with your username and password in it in human-readable form (i.e., if your password is "testing123", it is stored in the database as "testing123"). When you enter your credentials on the site, it checks them against the database to see if they match. This is the worst possible method, in security terms, and most reputable web sites do not store passwords in plain text. If someone hacks this database, everyone's password is immediately compromised.

Method Two: Basic Password Encryption

How It Works: To add more protection to your password than plain text provides, most sites encrypt your password before they store it on their servers. Encryption, for those of you that don't know, uses a special key to turn your password into a random string of text. If a hacker were to get hold of this random string of text, they wouldn't be able to log into your account unless they also had the key, which they could then use to decrypt it.

Method Three: Hashed Passwords

How It Works: Hashing is similar to encryption in the sense that it turns your password into a long string of letters and numbers to keep it hidden. However, unlike encryption, hashing is a one-way street. If you have the hash, you can't run the algorithm backwards to get the original password. This means a hacker would have to obtain the hashes and then try a number of different password combinations to see which ones worked.

Method Four: Hashed Passwords with a Dash of Salt

How It Works: Salting a hash means adding a random string of characters, called a "salt", to the beginning or end of your password before hashing it. The site uses a different salt for each password, and even if the salts are stored on the same servers, it will be very hard to find those salted hashes in rainbow tables, since each one is long, complex, and unique. LinkedIn is famous for not using salted hashes, which brought them under a lot of scrutiny after their recent hack. If they had used salts, their users would have been safer.
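
The difference between methods three and four, as an added example that is not part of the original post: the same password hashed without a salt produces identical digests that a precomputed table matches, while per-user salts make every stored digest unique. SHA-256, the 16-byte salt, and the sample users and passwords are assumptions made for illustration; the post names no algorithm.

```python
import hashlib
import hmac
import secrets

def unsalted_hash(password):
    """Method three: digest of the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Method four: a fresh random salt is prepended before hashing."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()

def verify(password, salt, stored_digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

# Constructed sample data: two users happen to pick the same password.
USERS = {"alice": "testing123", "bob": "testing123", "carol": "correct horse"}

# Digest -> password table built once from common passwords. This is the
# precomputation idea behind rainbow tables, reduced to a plain dictionary.
COMMON = ["123456", "password", "testing123"]
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON}

def recovered_by_table(db):
    """Return the users whose stored digest appears in the precomputed table."""
    return {user: PRECOMPUTED[d] for user, d in db.items() if d in PRECOMPUTED}

# What each storage method would leave in the database.
unsalted_db = {user: unsalted_hash(p) for user, p in USERS.items()}
salted_records = {user: salted_hash(p) for user, p in USERS.items()}
salted_db = {user: digest for user, (_, digest) in salted_records.items()}

if __name__ == "__main__":
    print("same digest, unsalted:", unsalted_db["alice"] == unsalted_db["bob"])
    print("table hits, unsalted: ", recovered_by_table(unsalted_db))
    print("same digest, salted:  ", salted_db["alice"] == salted_db["bob"])
    print("table hits, salted:   ", recovered_by_table(salted_db))
    salt, digest = salted_records["alice"]
    print("login still works:    ", verify("testing123", salt, digest))
```

A single fast hash pass is used here only to mirror the description above; Python's standard library also offers hashlib.pbkdf2_hmac, which takes the same password and salt but is deliberately slow to compute.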

These are the basic methods I know of that are used for password storage on the Internet.
Thanks for reading this article.
