Every year we continue to see news articles and Pastebins about data breaches where user accounts were stored either in plaintext (seriously!) or using an inferior hashing algorithm. This practice left thousands and sometimes millions of users vulnerable, not only on the original site in question, but on any additional sites on which the same credentials were used. When working with Node.js applications, whether a vanilla JavaScript application, a web server like express.js or connect, or anything in between, there’s a secure way we can store user credentials, but it’s not just using the right hashing algorithm. I’ve talked extensively about how the right tool also includes the necessary ingredient of “time” as part of the password hashing algorithm and what it means for the attacker who’s trying to crack passwords through brute force.
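The sketch below is an added example, not code from the original post: it shows the "time" ingredient as a tunable cost parameter stored next to each salted hash, so the cost can be raised later without breaking existing logins. It assumes Node's built-in scrypt as the slow hash; the function names, the `$`-separated record format and the cost values are hypothetical choices.

```javascript
// Added example (not from the original post). Assumption: scrypt from Node core.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Cost parameters are assumptions; raise N until one hash is noticeably slow on your hardware.
const PARAMS = { N: 2 ** 15, r: 8, p: 1, keylen: 32 };

// scrypt needs about 128 * N * r bytes; Node's default maxmem is too small for N = 2^15.
const opts = (N, r, p) => ({ N, r, p, maxmem: 256 * N * r });

function hashPassword(password, params = PARAMS) {
  const { N, r, p, keylen } = params;
  const salt = randomBytes(16); // unique per credential, defeats precomputed tables
  // scryptSync blocks the event loop; in a server use the async crypto.scrypt instead.
  const key = scryptSync(password.normalize('NFKC'), salt, keylen, opts(N, r, p));
  // Store the cost with the hash so verification knows how the record was made.
  return ['scrypt', N, r, p, salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every(Number.isInteger)) return false;
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length < 16) return false; // reject truncated or empty records
  let actual;
  try {
    actual = scryptSync(password.normalize('NFKC'), salt, expected.length, opts(N, r, p));
  } catch {
    return false; // invalid cost parameters in the stored record
  }
  // Constant-time comparison avoids leaking how many bytes matched.
  return timingSafeEqual(actual, expected);
}

// True when a record was hashed with a lower cost than the current policy.
function needsRehash(stored, params = PARAMS) {
  const [, N, r, p] = String(stored).split('$').map(Number);
  return N < params.N || r < params.r || p < params.p;
}
```

When `needsRehash` returns true after a successful login, hash the password again with the current parameters and replace the stored record.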