Understanding Hacking 101

May 05, 2020

Alt Text

Making Great stuff with Programming skills is good but Protecting your users from being Hacked is Great ❤❤ …one Important thing we should keep in mind while connecting to server-side programming is the security of Database | Passwords | User’s data.. Examples of some Big firm once faced security vulnerability issues are:

  • LINKED IN - 2012 (Lots of accounts were hacked)
  • Adobe clouds - 2013

People do not know that there account are been hacked and information are sell to hack into there PayPal Account or bank accounts maybe…

Why is it that all of these big companies are getting hacked and leaking their user’s passwords?

  • Are they not at least Encrypting or hashing there passwords…?
    … THEY ARE!

IMAGINE you’re a hacker you hacked into the linked-In’s database and you see this. Alt Text

Notice That :

  • The arrows pointing towars hashes are identical.
  • Which means the user with the corresponding hash has same password.

Note That: Hashes are same for the same string..😢

  • Hacker would realize that these three peeps have same password .
  • He start’s constructing a hash table. like below..👇👇

Alt Text

  • Compare’s the hash with the password…

Alt Text

  • BOOM!💣 You’ve been Hacked.. 👨‍💻👨‍💻👨‍💻

What if the passwords are not same or common?

let’s make a hash table…

What we Need 🤔🤔🤔

  • All words from a dictionary (150,000 Approx)
  • All numbers from telephone book (5,000,000 Approx)
  • All combinations of characters up to 6 places (19,770,609,664 Approx)

ADD THEM ALL : you got 19 billion combinations (Approx)

BUT HOW TO DO THAT…? 😖😕🤔😡🤕

you could possibly do that with one of the latest GPU’s…

  • Latest GPU’s can Calculate about 20,000,000,000 MD5 Hashes/second…
  • That means, we can hack that 19 Billion hashes, if we don’t have common passwords among the users..
  • It would take only (0.9s Approx). 😁😁😎

Need of the hour is Protection..

  • Developers uses Salting for Encrypting their passwords..
  • SALTING : A salt is random data that is used as an additional input to a one-way function that hashes data and passwords. Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.

POINTS :

  • As the linkedin and adobe were hacked previously … the most common passwords are been leaked and now is of NO-USE.
  • Splash Data (Has the list of Most common passwords..)
  • That’s why big Companies now-a-days changes there hash functions every day..To protect their User’s from being Hacked 👨‍💻👨‍💻…

POINTS FOR A DEVELOPER

  • check security vulnerability.
  • Use High Level of Encryption such as Bcrypt
  • Use .env for protecting API keys.
  • npm i dotenv --save
  • Then make a file on your root directory. touch .env
  • open your .env file and put your secrets String inside it..
API_KEY=Awd3B26dbj126bds82dh
CLIENT_ID=w987e8yd78eh2yeh98eh083
  • if Working with node.js
  • Add following : 
require('dotenv').config();
  • Add Process.env.API_KEY

But your secrets are still in danger..don’t worry.

  • Keeping the .env file in gitignore will save you..
  • As if you saved you secrets in a github repo .. anyone can see it..But adding the .env file to gitignore will ignore your .env file..

Stacked data needs to be protected…

Hope You have Learned Something New and Interesting.. Keep Learning..😀 Happy Hacking!!! 👨‍💻👨‍💻

© 2021, Utkarsh Yadav . All Rights Reserved