Password Security Terminology Research Task

Instructions

Read the resources provided on Moodle, and do your own research if necessary. Answer the following questions IN YOUR OWN WORDS. A few simple sentences for each answer to demonstrate your understanding is all that is required.

1. What is cryptography?

Cryptography is the practice of storing and transmitting data in a way that is only legible to the intended party. An example of cryptography would be hiding a message in an image or encrypting its contents through an algorithm to scramble it.

2. What is the difference between password hashing and encryption?

Encryption is the practice of taking a plaintext password and changing its contents according to an algorithm, which requires a key to decrypt it back to its plaintext state. Hashing is the practice of taking a plaintext password and turning it into a fixed-length string of characters, through hash sums. Hashing cannot be decrypted at all, and its use is to compare hash values of a given word to see if it matches the hashed original file.

3. Why should we hash passwords?

In the event of a system breach, if an attacker were to navigate to where the passwords were stored, having them hashed stops the attacker from changing the permissions and escalating the violation, as there is no way to decrypt hash sums that represent passwords.

4. What is a salt in terms of security (rather than food)?

Salting a password is adding a set of random characters onto the start or end of a password so the original password cannot be decrypted using normal value-checking decryption. For example, 'Bryan' will have a different value than 'Bryan7$6_9IJ', the latter being the original password with the salt added onto it.

5. Why are MD5, SHA1 and SHA256 not recommended for protecting passwords?

These hashing algorithms are built for speed and to be light on hardware, and the same applies to someone willing to crack them.

6. What method should NEVER be used to store passwords?

A password should never ever ever ever be stored in plain text. That's just silly.

Brenna Bensley