The Sound of Science - 'Salted Hashes'
Sam: Welcome to the Sound of Science. I’m Sam from STEM Outreach.
Jessica: And I’m Jessica from NIU Division of Information Technology. With cyber-attacks on everyone’s minds, we thought it would be nice to introduce some of the basics of password security.
Sam: We’ll get into how attackers get into databases in a future episode, but for now just imagine a large company just had a breach and your information is at risk. Let’s go into some of the measures that go into keeping your information secure.
Jessica: The first line of defense is obviously your password. A poorly managed company might store your password as plain text, which is the worst of the worst. An attacker can simply copy and paste your password without a second thought. To get around this, a decent security team will hash your password. If you’ve ever wondered why you have to reset your password and can’t just look it up, it’s because your password has gone through the hashing encryption process. The database can’t tell you your password because it doesn’t know it. If the database doesn’t know it, the attacker won’t know it. At least not right away.
Jessica: A major factor in security is throwing as many roadblocks at the attackers as possible. The tougher the password, the more options an attacker needs to go through. A good password can bring cracking time from minutes or hours to days or weeks. To make a good password great, a company can salt the hashes.
Sam: Salting is like adding an extra password generated by the system to the password you created. Each user has a different system-created salt, which significantly increase the complexity of your password. More importantly, however, if two people have the same password, the salt makes each of them unique.
Jessica: Okay, that’s a lot and there’s a lot more to it…The take away for today is that security measures are just roadblocks and bottlenecks. Each of us need to actively manage our security by changing passwords every four to six months and watching for data breaches.
Sam: Salted hashes, a delicious morsel of information! If you’re hungry for more, email us at STEMOutreach@niu.edu. This has been the Sound of Science on WNIJ.
Jessica: Where you learn something new every day.