Overview
Explore password security best practices in this JSConf EU 2017 talk. Delve into the world of password hashing, a crucial cryptographic discipline, and learn how to properly safeguard user credentials. Discover the evolution of password protection techniques, from plain text storage to advanced key derivation functions. Examine real-world examples of password breaches and their consequences. Gain insights into hash functions, dictionary attacks, rainbow tables, and salting techniques through practical demonstrations. Understand the importance of work factors and iterated hashing in enhancing security. Investigate modern key derivation functions like Argon and their performance profiles. Learn about synchronous and asynchronous password handling, forward compatibility, and interactive settings. Equip yourself with the knowledge to implement robust password security measures and protect users from potential breaches.
Syllabus
Intro
What are passwords
What do we do
Plain text
Sony hack
What can we do about it
Hash functions
Hash functions demo
Hash digest
Dictionary attack
Rainbow tables
Salt hashes
SHA1 hash
Hashcat
Iterated hashing
Work factor
Use TVKDF
Dropbox
GPU
Key derivation functions
Argon
Performance profile
Blogging
Synchronous
Asynchronous
Secure Password
Missing features
Forward compatibility
Interactive settings
Sync
Taught by
JSConf