Skip to content

Instantly share code, notes, and snippets.

@at1as

at1as/password_salting.md

Last active August 27, 2015 13:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save at1as/9e6584fe8f3d015e82dd to your computer and use it in GitHub Desktop.
Save at1as/9e6584fe8f3d015e82dd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
password_salting.md

Plain Text Password

jason$ PASSWORD="Passw0rD"

Hashed password using md5

Safer: If someone has access to the database, they cannot see the passwords in plaintext and must run them through a hashing algorithm

jason$ echo $PASSWORD | md5
c0e49fa492cf94f8a9eab8b8166f271b

Salted and hashed password using md5

Safer: A unique plaintext salt is added to the end of each user password (and stored in plaintext). This makes hash unique, so an attacker cannot look up accounts using the most frequently occuring hashes and substitute those for obvious passwords

jason$ SALT="ABC"
jason$ echo $PASSWORD$SALT | md5
122ff72ec91f3fd32509f94b5760ce85
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment