Skip to main content
Information Security

Return to Question

Question Protected by CommunityBot
Tweeted twitter.com/#!/StackSecurity/status/555001493179211776
added 24 characters in body
Source Link
user10211
user10211

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysisrubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
  

Of course any form of hash will not prevent those attacks.

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
 Of course any form of hash will not prevent those attacks.

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis"). 

Of course any form of hash will not prevent those attacks.

removed obselete reference to area51
Source Link
AviD
AviD
  • 73.8k
  • 25
  • 143
  • 224

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

From the original Area51 proposal.

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

From the original Area51 proposal.

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

make the title a question
Source Link
nealmcb
nealmcb
  • 21k
  • 6
  • 73
  • 118

Password hashing How to securely hash passwords?

If I hash passwords before storing them in my database, is that sufficient to prevent them being retrievedrecovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

From the original Area51 proposal.

Password hashing

If I hash passwords before storing them in my database, is that sufficient to prevent them being retrieved by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

From the original Area51 proposal.

How to securely hash passwords?

If I hash passwords before storing them in my database, is that sufficient to prevent them being recovered by anyone?

I should point out that this relates only to retrieval directly from the database, and not any other type of attack, such as bruteforcing the login page of the application, keylogger on the client, and of course rubberhose cryptanalysis (or nowadays we should call it "Chocolate Cryptanalysis").
Of course any form of hash will not prevent those attacks.

From the original Area51 proposal.

tagged
Link
AviD
AviD
  • 73.8k
  • 25
  • 143
  • 224
edited tags
Link
AviD
AviD
  • 73.8k
  • 25
  • 143
  • 224
non-crypto pwd retrieval
Source Link
AviD
AviD
  • 73.8k
  • 25
  • 143
  • 224
Source Link
AviD
AviD
  • 73.8k
  • 25
  • 143
  • 224