Making dope-level stuff with programming skills is good, but protecting your users from being hacked is great ❤❤ ... One important thing we should keep in mind while doing server-side programming is the security of the database | passwords | users' data..
Examples of some big firms that once faced security vulnerability issues are:
- LinkedIn - 2012 (lots of accounts were hacked)
- Adobe Cloud - 2013
People do not know that their accounts have been hacked and that their information is sold to break into their PayPal or bank accounts, maybe...
- Are they not at least encrypting or hashing their passwords...? ... THEY ARE!
Notice that:
- The arrows pointing towards the hashes are identical.
- Which means the users with the corresponding hash have the same password.
Note that: hashes are the same for the same string..😢
- A hacker would realize that these three peeps have the same password.
- He starts constructing a hash table, like below..👇👇
- Compares the hashes with the passwords...
- BOOM!💣 You've been hacked.. 👨💻👨💻👨💻
What we need 🤔🤔🤔
- All words from a dictionary (150,000 approx.)
- All numbers from a telephone book (5,000,000 approx.)
- All combinations of characters up to 6 places (19,770,609,664 approx.)
ADD THEM ALL: you get 19 billion combinations (approx.)
You could possibly do that with one of the latest GPUs....
- The latest GPUs can calculate about 20,000,000,000 MD5 hashes/second....
- That means we can crack all 19 billion hashes, even when there are no common passwords among the users..
- It would take only 0.9s (approx.). 😁😁😎
- Developers use salting when hashing their passwords..
- SALTING: A salt is random data that is used as an additional input to a one-way function that hashes data and passwords. Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.
- As LinkedIn and Adobe were hacked previously.... the most common passwords have been leaked and are now of NO USE.
- SplashData (has the list of the most common passwords..)
- That's why big companies nowadays change their hash functions every day.. to protect their users from being hacked 👨💻👨💻...
- Check for security vulnerabilities.
- Use a strong password hashing function such as bcrypt.
Use .env for protecting API keys.
npm i dotenv --save
- Then make a .env file in your root directory.
- Open your .env file and put your secret strings inside it..
- If working with Node.js
- Add the following:
But your secrets are still in danger.. don't worry.
- Keeping the .env file in .gitignore will save you..
- If you saved your secrets in a GitHub repo.. anyone can see them. But adding the .env file to .gitignore will make Git ignore your .env file..
Stacked data needs to be protected...
Hope you have learned something new and interesting..
Happy Hacking!!! 👨💻👨💻