What? - to make secrets
Best practices - src
- To store passwords
  - don't store the passwords themselves
  - Main
    - use modern slow hashing algos + salt
    - in addition, use pepper
Theory
- HASH - maps an input to a fixed-length value of apparent garbage through a specific algo; a 1-way function
  - what?
    - always gives the same output from the same input
    - hard to reverse engineer the original value from the hash
  - algos
    - Normal (fast)
      - sha256
    - Slow - needs CPU power & memory (can choose the work factor)
      - argon2
      - scrypt
      - bcrypt
- Salting - used to strengthen the hash with random trash
  - what?
    - fixes the problem that HASH gives the same output from the same input (two users with the same password would get the same hash)
    - prevents dictionary attacks (precomputed ones are called rainbow tables in this context) where attackers pre-compute the hashes of common passwords using the same hashing algo
  - How? - add the salt to the password before hashing
- Pepper - random stuff known only to the environment
- HMAC
- Encryption
- SIGNING - to know who the actual sender is
- asymmetric vs symmetric encryption
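Worked example of the "slow hash + salt + pepper" recipe above, added here as illustration and not taken from the source these notes summarise. It uses scrypt from Python's standard hashlib, a random per-password salt, and a pepper mixed in via HMAC; the pepper value and the stored-string format are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed pepper for this example. In practice it comes from the
# environment (env var, secret store), never from the user database.
PEPPER = bytes.fromhex("00112233445566778899aabbccddeeff")

# scrypt work factors: N = CPU/memory cost, r = block size, p = parallelism.
# 2**14 * 8 * 128 bytes = 16 MiB per hash; raise N as hardware gets faster.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1


def _prehash(password: str, pepper: bytes) -> bytes:
    """Mix the pepper in with HMAC-SHA256, so a dump of the database alone
    (hash + salt, but no pepper) is not enough to run offline guesses."""
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> str:
    """Return a constructed 'scrypt$<salt_hex>$<hash_hex>' record.
    A fresh 16-byte salt per password means two users with the same
    password get different stored values."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str, pepper: bytes = PEPPER) -> bool:
    """Recompute with the salt read from the record and compare in constant
    time; malformed records are rejected rather than raising."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False
    salt = bytes.fromhex(parts[1])
    candidate = hashlib.scrypt(_prehash(password, pepper), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate.hex(), parts[2])


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong guess", record))                    # False
```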