![]() ![]() Now suppose that Mr. Talk (the neighbor’s cat, who is always up to no good as far as Molly is concerned) has breached Barkbook obtaining the database of password hashes. If the hash matches what is stored Barkbook will let the user in as Molly. The hash is the Fb/z9cqyMwjysyTodjbec/ part.Įvery time someone tries to log in as Molly, Barkbook would use the same hashing scheme with the stored salt to hash the received password. ![]() …which includes an indicator of the hashing scheme, the salt, and the hash. ![]() ![]() Barkbook would store something like… $1$NP8pjY13$Fb/z9cqyMwjysyTodjbec/ To keep the examples short, I am going to to pretend that Barkbook uses a very outdated password hashing scheme. When Molly first signs up, Barkbook will receive the password and store a hash of it. Molly, as some regular readers may recall, is obsessed with squirrels and really bad at picking passwords. Suppose Molly (one of my dogs) signs up for the service Barkbook using the password Squirrel!. Lots of things happen when a service gets breached, but let’s review what it means for the password someone may use for that service. If you already know a bit about password cracking and hashing, just skip this section. Let’s review what happens when some service gets breached. The fact that we do so should give some idea of just how important the Secret Key is for security. Burdening users with an additional task that is hard to understand is really not our style. Not only is it difficult to understand, it places an additional burden on users. However, its uniqueness makes it difficult to understand. It offers our users exceedingly strong protection if our servers were to be breached. The Secret Key is central to what makes 1Password’s security uniquely strong. Instead of thinking in terms of “is it like a second factor” or “is it like a key file” it’s best to explain it in terms of what it actually does: It protects you if we were to be breached. A unique feature of 1Password’s security is the Secret Key, but its value is often misunderstood by users and security experts alike. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |