Join Kevin Skoglund for an in-depth discussion in this video Salting passwords, part of Foundations of Programming: Web Security.
- View Offline
- We now know that we must encrypt all passwords.…Salting passwords when performing encryption…is considered a best practice.…Let's begin by gaining an understanding of why that is.…One of the main enemies of encryption are rainbow tables.…Rainbow tables are pre-computed tables of password hashes…for each hashing algorithm.…Let me explain.…So we've already seen that we can have a password,…we can run it through a hashing algorithm,…like SHA-1,…and at the end, we'll get back an encrypted string.…And we know that that is a one-way encryption.…
We can't decrypt that string to get our password back.…So if a hacker gets their hands on that encrypted string,…maybe they've done some kind of a hack…using SQL injection.…Well, they won't be able to decrypt it, right?…But if the hacker was really determined,…they could take each and every word in the dictionary…and run it through SHA-1 encryption.…If a result matched your encrypted string,…then they know that their input must be your password.…Remember, the same input plus the same algorithm…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.