Authentication
| English | Chinese | Pinyin |
|---|---|---|
| hash | 散列值 | sàn liè zhí |
| cryptographic hash function | 密码散列函数 | mì mǎ sàn liè hán shù |
| salt | 盐值 | yán zhí |
| password spraying | 密码喷洒 | mì mǎ pēn sǎ |
| credential stuffing | 撞库 | zhuàng kù |
| biometric | 生物特征 | shēng wù tè zhēng |
Hashing passwords
- A cryptographic hash function 密码散列函数 turns any input into a fixed-length hash 散列值.
- It is one-way: you cannot work backwards to the input.
- The same input always gives the same hash (repeatable).
Salt and storage
- A service stores the hash, never the plaintext password.
- Salt 盐值 (random bits) is added so identical passwords hash differently.
- At login, the system hashes what you typed and compares.
Which authentication factor?
Factors are: something you know, something you have, something you are (biometric), somewhere you are.
A cryptographic hash output is...
A hash is fixed-length and one-way.
Trying one common password against many accounts is...
Password spraying = one password, many users.
Password attacks & factors
- Password spraying 密码喷洒: one common password against many accounts.
- Credential stuffing 撞库: stolen or default credentials.
- Factors: something you know / have / are (biometric 生物特征) / where — combine for MFA.
A service should never store your plaintext password. If it emails you your actual password when you forget it, it is storing passwords unsafely — a serious red flag. Safe services store only the salted hash.
Salt makes two identical passwords produce different stored hashes.
Unique salt per user changes each hash.
Using two or more authentication factors is called ____.
MFA combines factors for stronger security.
Match each proof to its factor type.
Know / have / are are the classic factor types.
Two users both pick the password sunshine. Without salt, both stored hashes are identical, so cracking one cracks both. With a unique salt each, the two hashes look completely different — the attacker must crack each one separately.
Passwords are stored as a one-way, fixed-length hash, with salt so identical passwords differ. Attacks include spraying (one password, many accounts) and stuffing (stolen/default credentials). Authentication factors — know / have / are / where — combine into MFA.