Hashes
Explore how hash functions work and their role in securely storing passwords. Understand one-way hashing, the importance of random salts, and common attacks such as lookup tables, rainbow tables, and collision vulnerabilities to better protect Node.js applications.
What is a hash?
First, we need to cover the basics. Hashing is not encryption. A hashing function calculates a fixed-size string from an input. Passwords should be one-way hashed: "one-way" means the stored hash cannot be decrypted back into the password. There is never a need to display a password back to a user or admin. Once a password is entered, it becomes a hash that can be recreated only when the original password is given as input.
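The one-way property described above, together with the random salts this lesson introduces, shown as an added Node.js example (not code from the original lesson). The salt and hash lengths, the `salt:hash` storage format, the function names, the choice of scrypt as the hashing function, and the sample passwords are assumptions made for illustration.

```javascript
// Added example: salted one-way password hashing with Node's built-in crypto module.
const crypto = require('node:crypto');

const SALT_BYTES = 16; // assumed salt length
const KEY_BYTES = 64;  // assumed length of the stored hash

// A plain digest is deterministic and fixed-size, whatever the input length.
function sha256Hex(input) {
  return crypto.createHash('sha256').update(input, 'utf8').digest('hex');
}

// Hash a password for storage: a fresh random salt plus scrypt (a deliberately slow KDF).
// Returns "salt:hash" in hex. The plaintext password is never stored.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const hash = crypto.scryptSync(password, salt, KEY_BYTES);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Verify by recomputing the hash from the candidate password and the stored salt.
// Nothing is decrypted; the two hashes are compared in constant time.
function verifyPassword(candidate, stored) {
  const parts = String(stored).split(':');
  if (parts.length !== 2) return false;
  const salt = Buffer.from(parts[0], 'hex');
  const expected = Buffer.from(parts[1], 'hex');
  // Reject malformed records before comparing (timingSafeEqual needs equal lengths).
  if (salt.length !== SALT_BYTES || expected.length !== KEY_BYTES) return false;
  const actual = crypto.scryptSync(candidate, salt, KEY_BYTES);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample password, for demonstration only.
const sample = 'correct horse battery staple';
const recordA = hashPassword(sample);
const recordB = hashPassword(sample);
console.log('digest lengths:', sha256Hex('a').length, sha256Hex('a'.repeat(10000)).length);
console.log('same password, different records:', recordA !== recordB);
console.log('correct password verifies:', verifyPassword(sample, recordA));
console.log('wrong password verifies:', verifyPassword('Correct horse battery staple', recordA));
```

Because each record carries its own salt, two users with the same password end up with different stored values, so a single precomputed hash cannot match both.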
Popular attacks
Before going any further, let’s look at popular attacks against hashing algorithms.
Lookup tables
A lookup table is a table of hashes where the ...