Password Hashing Techniques

Questions and Answers

What is the primary purpose of salting passwords before hashing?

To simplify the hashing process.

To ensure unique hashes for identical passwords. (correct)

To make passwords easier to remember.

To limit the number of failed login attempts.

Which of the following is a potential issue when passwords are not salted?

Identical passwords produce identical hashes. (correct)

Password length restrictions apply.

User passwords become too complex.

Encryption of passwords may fail.

What factors should be considered when choosing a hash function?

Security, performance, and resistance to attacks. (correct)

Only the speed of hashing is important.

Cost of implementation and maintenance.

User convenience in remembering hashes.

Why are humans a significant factor in password security?

They often use common passwords that are easily guessable.

Which of the following hash functions is recommended for strong password hashing?

bcrypt

What is the main purpose of password hashing?

To transform passwords into a fixed-length string that cannot be easily reversed.

Which of the following algorithms is NOT commonly used for password hashing?

AES

How does a system authenticate a user during login?

It compares the stored hash with the hash of the entered password.

What characteristic of password hashing is essential for ensuring correct password matching?

Identical inputs produce identical outputs.

Why is it necessary to implement salting in password hashing?

To ensure that identical passwords generate different hashes.

What differentiates password hashing from encryption?

Hashing is primarily for secure, irreversible storage of passwords.

Which of the following statements about password hashing is true?

It provides a consistent output for the same input every time.

What aspect of password hashing helps in resisting attacks?

Employing computationally intensive algorithms.

Study Notes

Password Hashing

• Password hashing transforms a plaintext password into a fixed-length string of characters using a hashing algorithm, ensuring that even if someone gains unauthorized access to the hashed password, they cannot easily revert it to the original password.
• Common algorithms for password hashing include bcrypt, Argon2, and Secure Hash Algorithm 2 (SHA-2)
• These algorithms are designed to handle inputs of any length and produce a consistent hash, and are built to resist attacks by being computationally intensive
• When a user creates an account and sets a password, the system applies a hashing algorithm to convert the plaintext password into a hash, this hash is then stored in the database, not the plaintext password
• A key characteristic of password hashing is that the same input will always produce the same output, this is vital for comparison purposes
• However, identical passwords will produce the same hash, this can be exploited if not mitigated by techniques like salting passwords

Password Hashing vs Encryption

• Hashing: One way function, irreversible, used for password storage
• Encryption: Two-way function, reversible, used for data protection

How Password Hashing Works

• The process involves converting plaintext passwords into secure, fixed-length hashes
• The password is subjected to a hashing algorithm, chosen for its security and resistance to attacks
• This produces a hash of the password, the algorithm also includes a salt, a unique, random string
• This salt is added to the password before hashing to ensure that even identical passwords result in different hashes

Salting and Why Hashing Alone is Not Good Enough

• Salting is a technique used to enhance the security of password hashing
• It involves adding a unique, random string of characters (salt) to each password before hashing it
• This ensures that even identical passwords result in different hashes, preventing hackers from using precomputed tables (rainbow tables) to crack hashes

Choosing the Right Hash Function

• Consider security, performance, and future-proofing when choosing a hash function
• Security considerations include the algorithm's resistance to attacks like brute force and rainbow tables
• Performance considerations involve the speed at which the hash function can process passwords
• Future-proofing ensures the chosen hash function will remain secure in the future
• Recommended configurations for each hash function should be followed for optimal implementation

Popular hash functions

• SHA-256: A cryptographic hash function that produces a 256-bit hash value
• bcrypt: A computationally intensive algorithm designed specifically for password hashing
• PBKDF2: A password-based key derivation function often used for password hashing

Description

This quiz explores the concepts and algorithms involved in password hashing. You'll learn about the importance of hashing, common algorithms used, and the reasons why hashing is vital for securing passwords from unauthorized access. Test your knowledge on how hashes are generated and stored in databases.