
Gawker Security Breach Could Lead to More Attacks

#38 Obdicut (Now with 2% less brain) 12/13/2010 11:02:10 am PST

re: #21 researchok

Well, I’m on it now.

If I were to add numbers to my password, is there an ‘optimum’ number of digits? Or the more the better?

Well, I want to stress that ‘salting’ isn’t you adding numbers, it’s the encryption program used by the website doing it.

The best passwords are either

A) Really long or

B) Nowhere near dictionary

So, if there’s unlimited characters, using “NotIllNotCarrionComfortDespairNotFeastOnTheeNotUntwistSlackTheyMayBeTheseLastStrandsOfManInMe” would be highly secure, and easy to remember (though would take a moment to type, it’s actually a fun way to do passwords).

If there’s limited characters, using something like “5h4k3sp34R3” is a good option.

However, most people will not do this, unless you force it. So most sites allow you to just use “Pickle” or “password” or “god” or “private”.

So in order to protect those passwords, in the event someone gains access to the database— or just from the people who work at the site— passwords are not generally stored ‘in the clear’— unencrypted. They’re stored after being passed through a one-way algorithm that changes it to a hash value— the value that you can get only* if you pass that word through that algorithm. Then, when you enter your password, the site doesn’t actually compare your password to the stored one, it compares the hash that’s generated then to the hash of your password.

If it’s ‘unsalted’, then it’s a lot easier (though that’s relative) to crack the algorithm with a dictionary attack and figure out passwords that are “Dictionary”— simple words. Salting destroys that, and is a very, very basic security measure.

*not really, but for our purposes, only.
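The storage scheme described in the comment above, as an added Python example that is not part of the original post: the same one-way hash with and without a per-user salt, a verification step that compares hashes rather than passwords, and a precomputed "dictionary" table that only works against the unsalted form. The four-word list and the choice of SHA-256 are constructed for illustration; real sites use a deliberately slow password hash.

```python
import hashlib
import hmac
import os

# Constructed sample "dictionary" of weak passwords like the ones the comment mentions.
DICTIONARY = ["Pickle", "password", "god", "private"]


def unsalted_hash(password):
    """One-way hash with no salt: the same word always yields the same hash,
    so one precomputed table covers every user who picked it."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Same one-way hash, but the site mixes in a random per-user salt first.
    The user never sees or types the salt; it is stored beside the hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_record(password):
    """What the site stores when a user sets a password: (salt, hash)."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)


def verify(password, salt, stored_hash):
    """Login check: hash the entered password with the stored salt and compare
    hashes, never the plaintext; compare_digest avoids timing leaks."""
    return hmac.compare_digest(salted_hash(password, salt), stored_hash)


def precomputed_table(words):
    """Table of hash -> word that can be built once, ahead of time,
    for an unsalted scheme (the "dictionary attack" in the comment)."""
    return {unsalted_hash(w): w for w in words}


def lookup(stored_hash, table):
    """Return the word whose unsalted hash matches, or None if the table is useless."""
    return table.get(stored_hash)


if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    print("unsalted:", lookup(unsalted_hash("password"), table))  # found instantly
    salt, stored = make_record("password")
    print("salted:  ", lookup(stored, table))                      # None: salt defeats the table
    print("login ok:", verify("password", salt, stored))
```

Note that salting defeats the precomputed table, not weak passwords as such; a per-user guess of "password" still succeeds, which is why the comment's advice on long or non-dictionary passwords still matters.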