Lecture 3 Flashcards
SQL injection
- Code injection technique that might destroy your database.
Password Hashing
Hashing is the process of generating a string, or hash, from a given message using a mathematical function known as a cryptographic hash function.
Four properties of password hashing:
- It should be deterministic: The same message processed by the same hash function should always have the same hash.
- It’s not reversible: It’s impractical to generate a message from its hash.
- It has high entropy: A small change to a message should produce a vastly different hash.
- It resists collisions: Two different messages should not produce the same hash.
Rainbow table
A precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
Salts
A short random set of characters that is appended to the end of a password before it is hashed. Not added by the client. The same salt is used for a group of passwords.
Peppers
A short string or character appended to the end of a password. Peppers are different and random for each password. Not added by the client. The pepper is not stored.
Extra time to crack, and extra time to log in, as the password will have to be hashed repeatedly until the password is correct.