Programmer Humor

32371 readers

575 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

394

Creating a password in 2023 be like (programming.dev)

submitted 1 year ago by [email protected] to c/[email protected]

93 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

Additional to what others have said: The "salted" part is very relevant for storing.

There aren't soooo many different hashing algorithms people use. So, let's simplify the hashing again with the crossfoot example.

Let's say, 60% of websites use this one algorithm (crossfoot) for storing your password, and someone steals the password "hashes" (and the login / email). I could ran a program that creates me a list of all possible crossfoots for all numbers for 1 to 100000.

This would give me an easy lookup table for finding the "real" number behind those hashes. (Those tables exists. Look up "rainbow tables")

Buuuut what if I use a little bit of salt (and pepper pepper pepper) before doing my hashing / crossfooting?

Let's use the pw "69" again and use a salt with a random number "420" and add them all together:

6 + 9 + 420 = 435

This hash wouldn't be in my previous mentioned lookup table. Use different salts for every user and at least the lookup problem isn't such a big problem anymore.

[–] [email protected] 3 points 1 year ago

This was super helpful 🙏🏼 sent me down a whole other rabbit hole of learning