bcrypt

Javier Mondragon
2 min read · May 12, 2021

We live in a world that is currently connected in so many ways. We are connected to places by means of roads, waterways, and airways to say the least. We are also connected to each other by many means of communication. There are so many things that are now at the reach of my fingertips through our cell phones. Most of us use the internet on a daily basis and we create accounts in different sites that contain sensitive information about us.

An important question we need to ask is: how do we protect sensitive information from people who want to exploit it? Thankfully we can use bcrypt, a password hashing function. What does that mean? Hashing means that when a user enters a password, bcrypt turns that password into another, much longer string of characters. Hashing is a one-way street: you can only hash in one direction, and reversing the hash back into the original password is practically impossible. Another thing to know about hashing is that when bcrypt hashes a password, it always generates the same hash. That means that when the user enters the password again, bcrypt generates the same hash, and the application compares it to the hash already stored in the database.

However, hashing alone is not enough to keep a password secure. We need to add another layer of security with a salt. A salt is a random string produced by a cryptographically secure generator and added to the input of the hashing function so that each hash is unique. Although the hash of the password by itself would be the same, adding the random salt makes it harder for hackers to match it, so the hash is even harder to crack by brute force.

Why is it important not only to hash passwords with bcrypt but also to add a salt? Because without it, hackers can figure out passwords using something called rainbow tables. A rainbow table is a database of precomputed plaintext passwords and their corresponding hash values. Once a hacker gains access to a system's password database, they match the hashes in the table against the ones in the system. Now the hacker has candidate plaintext passwords for those hashes, which can be exploited.
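The three points above (a plain hash is deterministic, so a precomputed rainbow table matches it; a salted hash comes out different every time and cannot be looked up; verification works by re-hashing with the stored salt) can be seen in a few lines of code. The following is an added example, not code from the original post. It uses only the Python standard library: bcrypt itself is a third-party package, so PBKDF2-HMAC-SHA256 from `hashlib` stands in for it (an assumption; real bcrypt draws its own random salt and encodes the cost, salt and hash together in a single string). The password list and the tiny rainbow table built from it are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Iteration count for the stand-in key-derivation function. It plays the same
# role as bcrypt's cost factor: slowing down every guess an attacker makes.
ITERATIONS = 100_000


def hash_unsalted(password: str) -> str:
    """Plain one-way hash. The same password always yields the same hex digest,
    which is exactly the property a rainbow table relies on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_with_salt(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash (PBKDF2-HMAC-SHA256 stands in for bcrypt here, an assumption).

    A fresh 16-byte salt is drawn from os.urandom unless one is supplied;
    verification passes the stored salt so the same digest can be recomputed.
    Returns (salt, digest). Both are stored; the salt is not secret.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-hash the entered password with the stored salt and compare in constant time."""
    _, candidate = hash_with_salt(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


# Constructed, tiny rainbow table: a few common passwords and their unsalted hashes.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
RAINBOW_TABLE = {hash_unsalted(p): p for p in COMMON_PASSWORDS}


def rainbow_lookup(stored_hash_hex: str) -> Optional[str]:
    """Return the plaintext if a leaked hash appears in the precomputed table, else None."""
    return RAINBOW_TABLE.get(stored_hash_hex)


def demo(password: str = "letmein") -> dict:
    """Run the comparison once and return each observation as a named boolean."""
    unsalted = hash_unsalted(password)
    salt_a, digest_a = hash_with_salt(password)
    salt_b, digest_b = hash_with_salt(password)
    return {
        "unsalted_hash_is_deterministic": unsalted == hash_unsalted(password),
        "unsalted_hash_found_in_rainbow_table": rainbow_lookup(unsalted) == password,
        "two_salted_hashes_differ": (salt_a, digest_a) != (salt_b, digest_b),
        "salted_hash_found_in_rainbow_table": rainbow_lookup(digest_a.hex()) is not None,
        "correct_password_verifies": verify(password, salt_a, digest_a),
        "wrong_password_verifies": verify(password + "x", salt_a, digest_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the unsalted hash being recovered from the table while the two salted hashes of the same password differ and cannot be looked up; only re-hashing with the stored salt reproduces the digest, and the comparison uses `hmac.compare_digest` so timing does not leak how many bytes matched.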

In a world as connected as the one we live in, it is important to keep our sensitive information private, because people will find ways to exploit our information for monetary gain.
