Startup Diary: From Idea To Backend
<p>I’m starting work with the backend today. Boring stuff. But this forms the “core” of any web application. The core needs to be strong.</p>
<p>How do I tackle the problem of responsibly and securely storing user passwords? The answer: I don’t store them (nor does any responsible web service provider).</p>
<p>The typical workflow here is to hash passwords before storing them (in a pre-save hook) to the database. A “hash” is a one-way, scrambled version of the password: it looks like an encrypted value, but unlike encryption it is not meant to be reversed, so a leaked hash does not directly give up the password.</p>
<p>But the solution does not end there. It turns out that human beings “statistically” use similar passwords. This means that it is entirely practical to run a list of commonly chosen passwords (low-hanging fruit courtesy of the dark web) through the same hashing algorithm and match the results against the stored hashes.</p>
<p>Such attacks are known as “rainbow table attacks”. The counter to such attacks is to add at least one unique (randomly generated) string to the user’s input password before hashing it.</p>
<p>This string is typically known as a “salt” or a “pepper” (or both, depending on how it is implemented). This way, the stored hash is completely different even if two users choose the same password, and an attacker has to redo the work for every single user.</p>
<p>If you are interested in learning more about this topic,</p>
<p><a href="https://medium.com/make-in-public/startup-diary-from-idea-to-backend-3b03b8e8f8d7"><strong>Read More</strong></a></p>