Encryption techniques let you protect passwords by replacing them with random text strings. By now it hardly seems to make news any more: password theft by hackers is the order of the day. Despite all the security measures and devices that users put in place to defend themselves against identity theft, hackers always seem to be a step ahead of both users and the security experts hired by the various companies operating on the web. What comes under attack, however, is not individual passwords but rather the databases of the online services in which users' access credentials are stored.
At this point, a special cyber defense technique known as password hashing comes into play. Thanks to this technique, even in the event of a cyber theft, hackers would end up holding a long list of practically unusable random characters instead of actual clear-text passwords.
What is password hashing?
This is a cryptographic technique, but it is not based on the exchange of public and private keys, as happens, for example, with end-to-end encryption. The protection of our credentials is entrusted to theoretically irreversible algorithms which, under the same initial conditions, always return the same result: the same string of apparently random characters for the same initial password.
When an account is created on a web service and the profile is accessed for the first time, the service's cryptographic system generates, starting from the password we have chosen, a unique string of characters called a hash. With each new access, a new character string is generated by applying the same algorithms to the password entered, and the result is then compared to the original hash. If the two strings match, the correct password was entered and the authentication procedure completes; if the strings do not match, the password entered was wrong.
Hard hashing versus soft hashing
In theory, as mentioned, neither hackers nor the web service operators themselves should be able to invert the password hashing process and thus obtain the users' access credentials in the clear. As with security systems for Wi-Fi connections, however, not all hash standards have the same ability to withstand reverse engineering. Thus passwords protected with SHA1 algorithms can be discovered anyway, even if the work required to do so is long and quite complex.
If other security systems are applied to the SHA1 algorithm, life for hackers will be much harder. This is the case of bcrypt, a security system that allows the use of algorithms that are extremely complex to decipher. According to Rick Redman, IT security expert and Senior Security Consultant for Korelogic, one of the most important companies in the web security sector, from the moment the flaw is discovered and the information is stolen in the form of a list of hash strings, the time available to intervene and secure your data depends very much on the type of cryptographic key used.