Week 17 - Session 1 - User Authentication - Signup/Login with password



Almost any application will eventually need to store a collection of passwords or another type of data that has to be stored using a hashing algorithm. Blogs, forums, issue trackers, they all need to store user data and these passwords. Hashing is the greatest way for protecting passwords and considered to be pretty safe for ensuring the integrity of data or password.

There are some weaknesses in a cryptographic hash algorithm that allows an attacker to calculate the original value of a hashed password:

Brute Force attack: Hashes can’t be reversed, so instead of reversing the hash of the password, an attacker can simply keep trying different inputs until he does not find the right now that generates the same hash value. Using a modern computer one can crack a 16 Character Strong password in less than an hour, thanks to GPU.

Hash Collision attack: Hash functions have infinite input length and a predefined output length, so there is inevitably going to be the possibility of two different inputs that produce the same output hash. MD5, SHA1, SHA2 are vulnerable to Hash Collision Attack i.e. two input strings of a hash function that produce the same hash result.

To overcome such issues, we need algorithms which can make the brute force attacks slower and minimize the impact. BCrypt is based on the Blowfish block cipher cryptomatic algorithm and takes the form of an adaptive hash function.

Using a Key Factor, BCrypt is able to adjust the cost of hashing. With Key Factor changes, the hash output can be influenced. In this way, BCrypt remains extremely resistant to hacks, especially a type of password cracking called rainbow table.

This Key Factor will continue to be a key feature as computers become more powerful in the future. Well, because it compensates for these powerful computers and slows down hashing speed significantly. Ultimately slowing down the cracking process until it’s no longer a viable strategy.

bcrypt - https://www.npmjs.com/package/bcrypt
Use BCrypt Fool! - https://yorickpeterse.com/articles/use-bcrypt-fool/

Popular posts from this blog

Week 9 to 12 - Learning with MCR Codes

Image
My experience with  @MCRcodes   as a Quality Assurance Tester.  This is an evening part-time coding boot camp based in central Manchester which runs for 24 weeks, from February 2018 to July 2018. Week 9 (April 2018) - After spending two decades using the internet, I finally have an understanding how it works now, and the communication between the server and the client. Nice to create and run a simple server using Express and I now know what API actually means now, I think. Really appreciate how amazing and powerful the npm  package manager really  is, and looking forward to installing other future packages.  We have now started our back-end programming journey. Session 1 -  The Internet, the Web, HTTP Session 2 -  Web APIs & Express Week 10 - Really enjoying creating and reading test units for server assignments. Additionally, learning s ynchronous/a synchronous programming has been a tease.   Unfortunately, I was unable to attempt few classes due to unplanned c
Read more

Week 9 - Session 1 - The Internet, the Web, HTTP

Image
blog image source The internet, a worldwide network of computer networks, a llows transfer of information between networks, and the information is transferred using the internet protocol suite (IP/TCP). One of the most commonly used services on the internet is the world wide web (www). A primary mode of transferring data (resources) over the internet for billions. The application protocol that makes the web work is hypertext transfer protocol. blog image source As web developers, we are mainly interested in HTTP,  a protocol that web browsers and web servers use to communicate with each other over the Internet.  The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers. HTTP works as a request-response protocol between a client and server. A web browser may be the client, and an application on a computer that hosts a website may be the server. How does the Internet work? -  https://developer.mozilla.org/en-US/docs/Learn/Common_
Read more