Salting Hashed Passwords to Mitigate Brute Force Attacks

From spideroak.com

Password and account protection as a whole should be a must in the day-to-day actions of today's top web sites, such as LinkedIn, Facebook, Adobe, and many others.

The link at the end of this post points to an article that touches on the need for salting hashed passwords to help prevent brute force attacks and other mischief that hackers tend to get into. I also agree that it is not just up to the site administrators to protect the data that is stored about their users; it is also up to the users to protect their own data. They should consider their data to be vulnerable at all times, which means they should take the necessary action to protect their content to the best of their ability.

While on the topic of password strength and security, it is a good idea for users to change their passwords on a regular basis. A good rule of thumb is to change account passwords every six months or so. However, if the user does not want to change their passwords as often, they can create a more complex password, which would be much more difficult for someone to guess or brute force. If the user were to create a twelve-character password using upper and lower case letters, numbers, and special characters (@, #, $, %, ^, &, *, !, ?), there would be C^n possibilities, where C is the number of possible characters and n is the length of the password, which makes the password more resistant to common brute force attacks. Using the above-mentioned criteria, there would be 1.6409682740641e+22 possible combinations to create a password from. That is a very large number.
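An added example (not from the original post or the linked article) that checks the C^n figure above for the listed character set and shows per-password salting with PBKDF2-HMAC-SHA256 from Python's standard library. The function names, the 16-byte salt, the iteration count and the sample password are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string

# Character classes named in the post; the nine specials are the ones it lists.
SPECIALS = "@#$%^&*!?"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + SPECIALS
ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware


def keyspace(alphabet: str, length: int) -> int:
    """C^n: number of distinct passwords of exactly `length` characters."""
    return len(set(alphabet)) ** length


def hash_password(password: str, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> tuple[bytes, bytes, int]:
    """Return (salt, digest, iterations); a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(16)  # unique per stored password, kept beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(f"C = {len(ALPHABET)}, C^12 = {keyspace(ALPHABET, 12):.13e}")
    sample = "Xk7#pQ2!mZ9@"  # constructed 12-character sample password
    # Two accounts sharing one password still get unrelated stored digests,
    # so a single precomputed table or guess cannot be reused across accounts.
    alice = hash_password(sample)
    bob = hash_password(sample)
    print("digests differ:", alice[1] != bob[1])
    print("alice verifies:", verify_password(sample, *alice))
    print("wrong guess verifies:", verify_password("Xk7#pQ2!mZ9?", *alice))
```

The salt is not secret; it is stored with the digest and iteration count so the check can be repeated at login.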

Read more from the article at: http://readwrite.com/2012/06/07/avoiding-password-breaches-101-salt-your-hash#awesm=~omk3oCAhW25c7f

Twitter: @Th3MattWilson
