How NOT to Store Passwords! - Computerphile


Author: Computerphile
999990 Views
9m 24s Length
18649 Rating


Security of users' passwords should be at the forefront of every web developer's mind. Tom takes us through the insecure ways in which some websites deal with passwords.

Note: At circa 8mins, the animation does not show how the 'salt' is also stored in the database alongside the username.

Hashing Algorithms and Security: http://youtu.be/b4b8ktEV4Bg
Security of Data on Disk: http://youtu.be/4SSSMi4X_mA

More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott

http://www.facebook.com/computerphile
https://twitter.com/computer_phile

This video was filmed and edited by Sean Riley.

Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels


Comments

  1. Alright, but is it okay to just save a plain salt text in database?!!!
  2. Where do you store the random strings?
  3. I'm watching this years in the future!
  4. thank you for this advice! :) the best advice on storing password that i have ever seen on the internet! :)
  5. i come from the future, tom... you tried to warn us (and Adobe, and so many), but we didn't listen......
  6. Adobe advertisement beside this video XD
  7. I don't like how you just gave everyone my password at the end of your video...
  8. What's the difference between hashing and common encryption key?
  9. "Maybe you're watching this years in the future..."
    h e k n o w s
  10. You said that if we encrypt the same string twice, we will have the same result! I disagree with this because a good encryption algorithm requires the opposite, but in the case of hashing algorithms, the same input produces the same result
  11. I'm now "years into the future" - how amazing!
  12. I'm watching this years in the future!
  13. It's funny because I watched your entire video just to find out that I've been doing it the recommended way XD. Which I kind of already knew. I use SHA-512 and then a randomly generated 10 char salt that includes all letters in both cases, all numbers, and all symbols.
  14. which hash algo is the best
  15. awesome
  16. just realised that I AM watching this YEARS into the future...
  17. I almost used the Username as a salt XD Thanks
  18. i hate that sites won't let me make a password that has more than 20 characters and say i cannot use symbols
  19. are password manager apps like LastPass safe? they claim to have military grade protection
  20. watchin' this 3 years later.