Digital Credibility and Phishing, Part IV — Passwords

This post follows up on the two-minute tech tip I recorded for Episode 255 of the Just the Books podcast, continuing the discussion of website trust and credibility with a focus on the recent LinkedIn password incident and ways to protect passwords.

Earlier this week it was reported and confirmed that a large number of hashed LinkedIn passwords were stolen.

Beyond reminding users to create strong passwords and change them routinely, this has introduced a few new words into the lexicon of many people.

Hashes take an input string and transform it into another string of a pre-determined length. If the input string is altered in any way, the resulting hash will differ. They are often used for password storage: a site keeps the hash rather than the password itself and recomputes the hash to check a login. Passwords are a secret code used to identify a user and grant access.

Rainbow Tables are pre-computed lists that let you reverse (“crack”) a hashed password by looking the hash up rather than guessing. They are built for a specific maximum password length and a fixed character set. If a password is longer than the table covers or includes characters not in its character set, it is immune from attack by that particular table. The links below are pretty math/programming/developer intensive, but perhaps you’ll find them of interest.

Salt is a string of random bits added to a password before it is hashed and stored. Because each password gets its own salt, two users with the same password end up with different hashes, and a pre-computed table such as a rainbow table cannot simply be reused against them, which makes cracking the stolen hashes considerably harder.
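To make the three terms above concrete, here is a small added example in Python (not from the original post). It stores a constructed sample password two ways: as a plain SHA-1 hash, the kind a pre-computed lookup table can reverse, and as a salted, iterated PBKDF2-HMAC-SHA256 hash from the standard library. The lookup table, the sample password and the storage format are all assumptions made for the demonstration; the point it shows is that the same password yields the same unsalted hash every time but a different salted hash every time, and that a table built without the salt finds nothing.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample password for the demonstration; not taken from any breach.
SAMPLE_PASSWORD = "correct horse battery staple"


def unsalted_hash(password: str) -> str:
    """Plain SHA-1 of the password, the way a legacy site might store it.
    Any input maps to a 40-hex-character string, and identical passwords
    always produce identical hashes, so a pre-computed table can look it up."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> str:
    """Salted, iterated hash using PBKDF2-HMAC-SHA256 (Python standard library).
    The returned string 'pbkdf2_sha256$iterations$salt_hex$hash_hex' is an
    assumed storage format chosen for this example; the salt must be kept
    alongside the hash so the check at login can recompute it."""
    if salt is None:
        salt = os.urandom(16)  # 128 fresh random bits of salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def found_in_table(stored: str, table: dict) -> bool:
    """Model a rainbow/lookup table as a dict of hash -> password built from
    unsalted hashes. The hash part of a stored value is the last '$' field."""
    return stored.split("$")[-1] in table


def demo() -> dict:
    """Run the comparison and return the observations as booleans."""
    # Constructed lookup table: unsalted SHA-1 of a few common passwords,
    # plus the sample password so the unsalted lookup has something to find.
    table = {unsalted_hash(p): p for p in ["123456", "password", SAMPLE_PASSWORD]}

    unsalted = unsalted_hash(SAMPLE_PASSWORD)
    salted_a = hash_password(SAMPLE_PASSWORD)
    salted_b = hash_password(SAMPLE_PASSWORD)  # same password, new random salt

    return {
        "unsalted_found_in_table": found_in_table(unsalted, table),
        "salted_found_in_table": found_in_table(salted_a, table),
        "same_password_same_unsalted_hash": unsalted_hash(SAMPLE_PASSWORD) == unsalted,
        "same_password_different_salted_hashes": salted_a != salted_b,
        "login_with_correct_password": verify_password(SAMPLE_PASSWORD, salted_a),
        "login_with_wrong_password": verify_password("wrong password", salted_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The iteration count is what separates a password hash from a plain hash: it makes each guess cost the attacker roughly as much as it costs the site to check a login, which is the second defence alongside the salt.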

Password Managers are services that remember your passwords so you don’t have to. They will generate and store passwords for you. You just need to recall the master password to get into the encrypted database.

  • LastPass – this popular tool offers many free features, or you can pay for additional premium services.
  • KeePass – similar to LastPass; the difference is that it is open source. This means that you can have a look at its full source and check whether the encryption algorithms are implemented correctly.