security - Salting - the order of steps -


when salting password, correct way (or effective way)?

a. first hash password , hash hash of password salt this:

$password = "passwd";  $salt = "s0merndslt";  $password = sha1($password);  $salty = sha1($password.$salt);

b. take password , salt , hash them this:

$password = "passwd";  $salt = "s0merndslt";  $salty = sha1($password.$salt);

my apologies if has been asked before not find answer specific part of salting on so.

in reality, either case.

however, example #1 provides time tradeoff (slightly) slow down brute force password finders.

with advent of gpus, salting passwords is not enough. gpu-backed brute-force password tool, when given set of passwords find, can accomplish short passwords in matter of minutes (or seconds).

this why tools or algorithms such bcrypt or pbkdf#2 exist: iterate hashing operation many times produce large workload, makes finding passwords hash "infeasible" on commodity hardware.

when in doubt, don't implement own password hash solution! use bcrypt or pbkdf#2.


Comments

Post a Comment

Popular posts from this blog

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

java - Output of Eclipse is rubbish -

i want write program in eclipse language different english. when display output using system.out program, displays output correctly in console editor. when accept input console , output it, output rubbish. how can solve it. many thnaks i'm not sure if problem, have character encoding problem. make sure you're using unicode, utf-8. you can read more @ official docs converting non-unicode text .
Read more

jquery - Confused with JSON data and normal data in Django ajax request -

i read json internet still have not got grasp of it. reading article http://webcloud.se/log/ajax-in-django-with-jquery/ i not understood first part function using json def xhr_test(request, format): if request.is_ajax(): if format == 'xml': mimetype = 'application/xml' if format == 'json': mimetype = 'application/javascript' data = serializers.serialize(format, examplemodel.objects.all()) return httpresponse(data,mimetype) # if want prevent non xhr calls else: return httpresponse(status=400) my main problems are from function getting format variable does format json mean data given function json or data recived json can give me simple example ouput of function data = serializers.serialize(format, examplemodel.objects.all()) how use data when response in jquery function if don't use json in above function how input , response chnage thanks ...
Read more