By fheisler@veracode.com (fheisler)
Are you fascinated with cryptography? You’re not alone: a lot of engineers are.
Occasionally, some of them decide to go as far as to write their own custom cryptographic hash functions and use them in real-world applications. While understandably enticing, doing so breaks the number 1 rule of the security community: don’t write your own crypto.
How do hashing algorithms work and what’s special about password hashing? What does it take for an algorithm to get ready for widespread production use? Is security through obscurity a good idea? Let’s see.
How does password hashing work?
Before storing a user’s password in your application’s database, you’re supposed to apply a cryptographic hash function to it. (You’re not storing passwords in plain text, right? Good. Just asking.) ...
But what if you really want to level up your cryptography and learn by doing?
That’s great! Go forward and practice. Read reference implementations of existing algorithms, play with your own implementations, reach out to the community for advice, and have a great time learning something new and exciting!
Just don’t use whatever you’ve written in your production applications.
Source: Security Boulevard