While we have already incorporated the password hashing into our registration page, I wanted to take some time to go over what is actually happening. Maybe you end up working in another language, or maybe passlib doesn't support the version of Python you are using in the future. Because of this, you should know, at least at a high level, how it works. Not only is it important for security practices, it's also just pretty cool how it works!

To begin, you can probably understand why it is important to encrypt passwords in the first place. If your database stores plain-text passwords, at the very least, you are going to see the passwords yourself, and so will anyone who has access to your server. In a perfect world, no one would invade a user's privacy, but this world is not perfect. Not only might someone who works for you steal user passwords, a hacker might, or even the host of your server might, if you are using a virtual private server or shared hosting.

So then how might we obscure passwords? Obscuring original text is easy enough: we can write a randomized algorithm that does this. The problem is, with passwords, we actually need to be able to validate what a user enters in the future against the original password.

One of the more primitive measures taken was simple password hashing. This was where a hash function was applied to what the user input, and that hash was what was stored as the password. If you just saw that hash in a database, you'd have no idea what it meant. The problem, however, arises with the following: Run the script two times, or five times. You will find that the output is the same every time. Initially, with validation in mind, you may think, well, isn't this a requirement anyway? How else can we achieve validation?

The problem here is that people created massive hash tables, notably referred to as hash-lookup tables, where you could just search for the hash and then find the corresponding plain-text password. You could also create one yourself, by just generating hashes for combinations of characters. It takes a bit longer to generate the tables.
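
The repeatable-output problem and the lookup-table problem described in this walkthrough, as an added example that is not part of the original tutorial: it stores an unsalted SHA-256 hash, shows a precomputed table recovering the plain text, then shows a per-user salt with PBKDF2 still validating a login while the table no longer matches. It uses Python's standard library in place of passlib; the candidate list, function names and round count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for a lookup table.
CANDIDATES = ["123456", "password", "letmein", "qwerty"]


def unsalted_hash(password):
    """Primitive scheme from the text: store sha256(password) and nothing else."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> plain text once; it is then reusable for any database."""
    return {unsalted_hash(p): p for p in candidates}


def salted_hash(password, salt=None, rounds=200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify(password, salt, stored, rounds=200_000):
    """Validation still works: recompute with the stored salt, compare in constant time."""
    _, digest = salted_hash(password, salt, rounds)
    return hmac.compare_digest(digest, stored)


def demo():
    table = build_lookup_table(CANDIDATES)
    leaked = unsalted_hash("letmein")           # what a stolen database row would hold
    salt_a, hash_a = salted_hash("letmein")     # two users choosing the same password
    salt_b, hash_b = salted_hash("letmein")
    return {
        "same_every_time": unsalted_hash("letmein") == leaked,
        "recovered": table.get(leaked),
        "salted_differ": hash_a != hash_b,
        "table_hit_on_salted": hash_a.hex() in table,
        "verifies": verify("letmein", salt_a, hash_a),
        "wrong_rejected": not verify("password", salt_a, hash_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
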