Startup Diary: From Idea To Backend

<p>I&rsquo;m starting work on the backend today. Boring stuff. But this forms the &ldquo;core&rdquo; of any web application, and the core needs to be strong.</p>
<p>How do I tackle the problem of responsibly and securely storing user passwords? The answer: I don&rsquo;t store them (nor does any responsible web service provider).</p>
<p>The typical workflow here is to hash passwords before they are written to the database (in a pre-hook). A &ldquo;hash&rdquo; is a one-way, scrambled version of the password: you can recompute it from the password, but not recover the password from it.</p>
<p>But the solution does not end there. It turns out that human beings &ldquo;statistically&rdquo; use similar passwords. This means an attacker could run a list of commonly used passwords (low-hanging fruit, courtesy of the dark web) through the same hashing algorithm and compare the results against the stored hashes to brute-force access.</p>
<p>Such attacks are known as &ldquo;rainbow table attacks&rdquo;. The counter to such attacks is to add at least one unique (generated) string to the user&rsquo;s password before hashing it.</p>
<p>This string is typically known as a &ldquo;Salt&rdquo; or a &ldquo;Pepper&rdquo;, or both, depending on how it is implemented. This way, the stored hashes are completely different even if two users choose the same password.</p>
<p>If you are interested in learning more about this topic,</p>
<p><a href="https://medium.com/make-in-public/startup-diary-from-idea-to-backend-3b03b8e8f8d7"><strong>Read More</strong></a></p>