Adding Salt to Hashing: A Better Way to Store Passwords
Вставка
- Опубліковано 20 лип 2024
- Adding salt to hashes refers to adding random data to the input of a hash function to guarantee a unique output, even when the inputs are the same. In this video Developer Advocate Will Johnson walks you through the benefits of adding Salt to your Hashes and breaks down how the process works.
Corresponding Blog Post:
auth0.com/blog/adding-salt-to...
Chapter Markers:
00:00 Introduction
03:08 The Vulnerabilities of Unsalted Hashes
07:24 Mitigating Password Attacks with Salt
12:17 Generating a Good Salt
17:06 Recap and Conclusions
#hashing #login #developer #authentication
-----------------------------------------------------------------------------------------------
Try Auth0 by Okta for free - a0.to/yt-signup
The Auth0 by Okta blog - a0.to/blog - Наука та технологія
Love how you broke this down into easy to understand terms. Great explanation!
Thank you!
This was an awesome explanation. Thank you for making things easy to understand! Great job 😎
Thanks!
excellent video! every programmer should be required to watch this video!
Thanks for the feedback! We're happy to hear you found it helpful.
Best explanation ever. Only thing I would add is that you can append the salt to the hash, then store that in the db. That way you don't need a separate salt column in the db.
Great point!
Either way, if the attacker gets the DB he also has the salt for each user. What the point then to use a salt, unless you keep it _separate_?
...and this is how educational content should be made
Nice to get some things that I was "sort of sure that's how it is" hammered in. Great video, and great pacing.
Thanks for your feedback! We'll be creating lots of more content like this to cover more identity and security concepts :) Please subscribe to our channel if you'd like to see more.
Thank you!
Man, this video is awesome hahaha your shadowboxing had me laughing out loud. Also holy crap your production quality and visuals are top tier. I can't imagine how long this took. Definitely the most clear and easy to understand video I've seen on hashing, you explained all the concepts in a human way, and not like a robot way lol. Instant sub! Great job
Thanks for watching and subscribing! Glad to hear this video was helpful for you. If there are other subjects you'd like to see covered let us know!
Informative and actually quite entertaining to watch!
good work, just wanted to watch part of the video and watched until the end
Great explanation! Thanks
Informative and educational 😊
Thank you for this!
Very nice video, thnx!
Glad that you enjoyed it! Thanks for watching!
Awesome tutorial Will
Thanks for watching!
Thank Kelvin!
Nice info! Thanks so much.
Thanks for watching!
Great Video
Thanks!
can Auth0 provide user level resource access control overriding existing roles/permission hierarchies..just because we don't want to create too many roles&permissions
nice work
Thanks!
Thank you.
You are welcome. Thanks for watching!
Spring Security in Java Ecosystem right, its not for js I think
Well done video and cool looking guy🙂
😎 Thanks!
you said the salt is stored in plaintext?
I don't understand how a salted password with random salt can match the saved hash on database.
Great question!
The salt should be stored with the hashed password
When the checking the entered password the salt is grabbed and added to the entered password
The stored salt is added to the entered password then hashed and compared to the hashed password in the database.
Does that help?
@@WillJohnsonio oook, kind regards :)
Happy me the 100th up😂
haha! Team work makes the dream work!
🔥👏 Thanks for sharing 💙