-->

Tuesday, 17 March 2020

password salting hash it more complex and even hard to reverse

password salting hash it more complex and even hard to reverse  ( hackingtruth.in or kumaratuljaiswal.in )




Password salting is the process of adding additional character in the password to one-way function. This function of character makes the password more difficulto to reverse the hash. Major advantage or primary fucntion of password salting is to defeat the dictionary attacks and pre-computed attacks.password salting hash it more complex and even hard to reverse. 

Consider the following example, one of the hashed value is of the password without salting, while another hsahed value is of the same password with salting.



Without Salting : 23d42f5f4664498b2c88ff4c20b8c5ac82e47146

With Salting : 87dd36bc045620bd4cbd4c94e9e2bd165c2952dgc873yrD3



password salting hash it more complex and even hard to reverse  ( hackingtruth.in or kumaratuljaiswal.in )




By adding a lot of random characters in a password make it more complex and even hard to reverse.


Note: Never tell anyone using your registration forms that their selected password is not unique. A system like that in place will allow hackers to crack passwords in record time!


Mitigating Password Attacks with Salt


To mitigate the damage that a rainbow table or a dictionary attack could do, we salt the passwords. According to OWASP Guideliness, a salt is a fixed-length cryptographically-strong random value that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique. A salt makes a hash function look non-deterministic, which is good as we don't want to reveal password duplications through our hashing.

Let’s say that we have password farm1990M0O and the salt f1nd1ngn3m0. We can salt that password by either appending or prepending the salt to it. For example: farm1990M0Of1nd1ngn3m0 or f1nd1ngn3m0farm1990M0O are valid salted passwords. Once the salt is added, we can then hash it. Let's see this in action:


password salting hash it more complex and even hard to reverse  ( hackingtruth.in or kumaratuljaiswal.in )




Prepending the Salt

Password: farm1990M0O

Salt: f1nd1ngn3m0

Salted input: f1nd1ngn3m0farm1990M0O

Hash (SHA-256): 7528ed35c6ebf7e4661a02fd98ab88d92ccf4e48a4b27338fcc194b90ae8855c
Appending the Salt

Password: farm1990M0O

Salt: f1nd1ngn3m0

Salted input: farm1990M0Of1nd1ngn3m0

Hash (SHA-256): 07dbb6e6832da0841dd79701200e4b179f1a94a7b3dd26f612817f3c03117434





password salting hash it more complex and even hard to reverse  ( hackingtruth.in or kumaratuljaiswal.in )



How To Generate Salting Password


SaltThePass is a password generator that will help you generate unique, secure passwords for all of the websites you visit based on a single Master Password that you remember. click Here :- https://saltthepass.com/



othewise you can also third party software. It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation.

License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

but you can also use it with " wine " in Linux


https://drive.google.com/open?id=1BkKGWU6RNbm6yUEXXSMCamkswMI0fr_O



ScreenShot


Screenshot 1 : SaltedHashGenerator is generating hashes for various password & salt combinations





Screenshot 2:  HTML report of generated hash list.





In Kali Linux











In this article, we tried to share our knowledge about Password Salting which may help you to keep a secure password. Share your thoughts through comment box. I hope you liked this post, then you should not forget to share this post at all.

Thank you so much :-)






My Self Kumar Atul Jaiswal Urf HackerboY and Kumar Atul Jaiswal is a name among millions who struggled failed and surged ahead in search of how to become a Hacker ( passionate about Hacking just like profession an entrepreneur ), just like any middle class guy, he too had a bunch of unclear dreams and a blurred version of his goals in life 😊.

0 comments:

Post a Comment

Contact

Send Us A Email

Search This Blog

Address

Contact Info

The page name itself is a call-to-action; Treat it with some respect.!

Address:

15, Ranchi, India, 834002

Phone:

404

Email:

kumaratuljaiswal222@gmail.com

atulthehacker222@gmail.com