Storing passwords in uncrackable form
Source: H Security - Posted by Dave Wreski   
News about intrusions into the servers of online stores, games vendors and other internet services can now be read on an almost daily basis. Often, the intruders obtain customers' login data including their passwords. As many people use the same password in multiple places, criminals can use the passwords to obtain unauthorised access to further services. To prevent passwords from being extracted, web site operators usually protect their users' passwords through such cryptographic techniques as one-way hashing. For this purpose, a character string that doesn't allow any conclusions to be drawn about the actual password is derived from the password. The only way of finding out whether a password matches a hash is to rehash the password and compare the results. This method is used by the authentication systems of operating systems and web applications and also by password crackers.
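The rehash-and-compare check described above, as an added example that is not from the original article. It goes beyond the excerpt by adding a per-user salt and a deliberately slow derivation (PBKDF2), because anyone holding stolen hashes runs the same comparison; the function names, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"  # assumption: the article excerpt names no algorithm
ITERATIONS = 200_000         # assumed work factor; raises the cost of every guess
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a storable record; the plaintext password is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # unique salt: equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Hypothetical record layout: algorithm$iterations$salt_hex$digest_hex
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify_password(candidate: str, record: str) -> bool:
    """Rehash the candidate with the stored parameters and compare."""
    try:
        algorithm, iter_text, salt_hex, digest_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        expected = bytes.fromhex(digest_hex)
        recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                         bytes.fromhex(salt_hex),
                                         int(iter_text))
    except ValueError:
        return False  # malformed or truncated record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(recomputed, expected)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("Tr0ub4dor&3", stored))
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing entries.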

Read this full article at H Security
