Hash and Salt

Hash and salt, it sounds kind of tasty — right?  Well… to tell you the truth, it has nothing to do with food, and everything to do with passwords.

Before we talk about “Hash and Salt”, let’s move back a square and talk about passwords, and what makes a good or a bad password.

The World’s Worst Passwords

It might come as no surprise that the worst passwords of 2014 were determined to be “password” and “123456”.  These are only two of the worst passwords; others include “qwerty”, “football”, “baseball”, “batman”, “superman” etc.  For a list of the “25 Worst Passwords of 2014” click here!

What makes a password “bad” is that it is common: it is the kind of password used most often, by the largest number of people.  Hackers will automatically check sites to see if they can log in with one of these passwords, gain access, and then delve deeper into the site.

If a hacker discovers your password on one site, then he may try the SAME password and User ID on other commonly used sites, such as “Facebook”, “Google Mail”, “Amazon.com” etc.  Therefore, a good policy is to have several passwords.  You might use one password for the sites that you are not too concerned about; however, for financial sites and sites that hold personal information, you should be using a separate password for each site.

Tricks to Creating Better Passwords

Having a lot of passwords can be hard on the “brain”.  How do you remember all of these passwords?  Well… one good suggestion is to use a “passphrase” instead of a password.  A passphrase can be a song or movie title, or just some phrase that might be easy to remember.  The longer the passphrase the better, and if it contains both upper and lower case letters, numbers, and special characters it becomes much stronger.  How about the phrase “Go home!  We have four for dinner”.  This could translate into “GoHome!Wehave4fordinner”.  This particular password ranks as STRONG using the Microsoft Password Checker, which allows you to test your passwords.

The BEST possible Passwords

If you want to up the game a notch you could always go for VERY long passwords that are almost impossible to remember. Something like “c62174ea575f4fc6b89012a3bb15a0”.  If you want to go this route, then you should probably think about a password manager.  Password managers create passwords for you, store these passwords securely, and will enter these passwords into forms when on the web.  Some of the better ones are “LastPass” and “Dashlane”.  You can find out more about password managers at the PCMag website. They have an excellent article, which explains the features of each, and how they are ranked.

Hashing and Salting

Any programmer who is serious about security should be hashing your password and then storing the hashed value, not the plain-text password that you entered.  Hashing is basically one-way encryption: it scrambles your password so that no one can read it and no one can decrypt it.  For example, your password could be “Im4Going2Bed@2”.  Once hashed, this password becomes “543b5ff6acccfb86c59a7552e066b”.  The next time that you log into an application, it will compare a “hashed” value of the password you entered with the “hashed” value stored in the database.  If they match, then the application knows that you entered the correct password.  “Salting” is the process of adding additional characters to the start or the end of a password to obscure the real password before hashing it.  The salt is a random value generated for each user and stored alongside the hash, so two users who pick the same password end up with different hashes, and a precomputed table of hashes for common passwords is useless against the whole database.
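As an added example (not code from the original post), here is the store-and-compare flow described above in Python, using the standard library's PBKDF2 function so the hash is deliberately slow; the iteration count, salt length and the stored record format are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed example parameters: a 16-byte random salt per user and a high
# iteration count so that guessing passwords offline is expensive.
SALT_BYTES = 16
ITERATIONS = 600_000
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a new password and return a record to store in the database.

    The record format 'algorithm$iterations$salt_hex$hash_hex' is an
    assumption for this example; the salt is stored with the hash, because
    it is needed again at login and is not meant to be secret.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the entered password with the stored salt and compare.

    Returns False for malformed or unknown records instead of raising, and
    compares in constant time so response timing leaks nothing about the hash.
    """
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    record = hash_password("Im4Going2Bed@2")
    print(record)
    print(verify_password("Im4Going2Bed@2", record))  # True
    print(verify_password("Im4Going2Bed@3", record))  # False
```

Because the salt is random, calling hash_password twice with the same password yields two different records, and both still verify.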

At Datacon, we take security seriously and we do everything possible to keep your information safe.  This includes using a secure password hash, salting of passwords, and encouraging users to use strong passwords and to change them often.  There are many ways that you can safeguard important data, and hashing and salting is one of the ways that we keep your data safe.