Encrypting passwords

By Paladion

July 15, 2004

The cryptographic technique to use for transmitting passwords during authentication is:

  1. Digital signature
  2. Symmetric encryption
  3. Hashing
  4. Salted Hash

The best answer to the quiz question "The cryptographic technique to use for transmitting passwords during authentication is:" is:

4. Salted Hash

The safe method to transmit passwords is the salted hash technique. Digital signatures promise only integrity, not secrecy, of the password. Passwords should not be recoverable even if an attacker gets the keys, but with symmetric encryption the password can be recovered if the symmetric key is stolen. A simple hash is not a safe way to transmit them either: as the password always hashes to the same value, an intercepted hash could be used to replay the authentication later. Salting adds a random string to the hash and hashes it again. Thus the password is not recoverable from the traffic, nor is the traffic replayable. Salted MD5 is a popular salted hash technique; it can be implemented even in JavaScript. A good place to read about salted hash is the Appsec FAQ at OWASP.
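
The exchange described above, as an added example that is not part of the original post: the server issues a one-time random salt, the client sends hash(hash(password) + salt), and the server recomputes that value from its stored hash and then discards the salt. The function names, the sample account and the use of SHA-256 in place of the MD5 the post mentions are assumptions of this example.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('crypto');

const HASH = 'sha256'; // assumption: SHA-256 stands in for the MD5 named in the post
const h = (s) => createHash(HASH).update(s, 'utf8').digest('hex');

// Constructed sample account store: the server keeps hash(password), never the password.
const users = new Map([['alice', h('correct horse')]]);
const pendingSalts = new Map(); // username -> salt issued for the login in progress

// Server: issue a fresh random salt for each login attempt.
function issueSalt(username) {
  const salt = randomBytes(16).toString('hex');
  pendingSalts.set(username, salt);
  return salt;
}

// Client: only this value crosses the network.
function clientResponse(password, salt) {
  return h(h(password) + salt);
}

// Server: recompute from the stored hash and the salt it issued, then discard the salt.
function verify(username, response) {
  const salt = pendingSalts.get(username);
  pendingSalts.delete(username); // one use only, so a captured response cannot be replayed
  const stored = users.get(username);
  if (!salt || !stored) return false;
  const expected = Buffer.from(h(stored + salt), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && timingSafeEqual(got, expected);
}

// Returns [first login, replay of the same captured response, wrong password].
function demo() {
  const salt = issueSalt('alice');
  const captured = clientResponse('correct horse', salt);
  const first = verify('alice', captured);
  issueSalt('alice');                       // a later login gets a new salt
  const replay = verify('alice', captured); // the old response no longer matches
  const wrong = verify('alice', clientResponse('guess', issueSalt('alice')));
  return [first, replay, wrong];
}

console.log(demo());
```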

