Day 18 | Salty hashes
Today we mainly focussed on implementing user sign-ups and password security. It’s kind of scary building things that actually require a layer of security, and I’m trying to pay extra attention to that element.
I found out how passwords are stored, which was something I’d been wondering about for a while. Basically the password you enter is run through a one-way hash function, and the resulting hash is stored in the database instead of the password itself. Hashing isn’t encryption: there is no key, and there is no way to turn the hash back into the password. The bit I’d wondered about was how the stored hash gets decrypted to check it against the password you type in, and whether that was a security risk. It turns out the password is never decrypted at all. Instead, your input is hashed with the same function and the result is compared to the stored hash. If they match, you are logged in! If they don’t, the server and application don’t know which characters were wrong, only that the two hashes aren’t identical. One caveat: ‘can’t be reversed’ is not the same as ‘can’t be cracked’. Someone who steals the database can still hash guesses themselves and look for a match, which is exactly why weak passwords are a problem, and why password hashing uses deliberately slow functions (bcrypt, scrypt, Argon2, PBKDF2) rather than a plain fast hash like SHA-256.
A lot of people enter really lame passwords, such as ‘password’. If the same password always produces the same hash, then everyone who chose ‘password’ has an identical hash in the database, which is a big clue to anyone who gets hold of it: crack one and you’ve cracked them all, and precomputed tables of common-password hashes make that trivial. To get around this problem, password hashes are ‘salted’: a random value is generated for each user and combined with the password before hashing. The salt itself (a value, not a secret algorithm) is stored in the database alongside the user’s details, and the same salt is used again when checking a login. Salting doesn’t make any individual hash easier or harder to reverse, but it means identical passwords no longer produce identical hashes, so an attacker can’t see which users share a password and has to attack each hash separately.
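As an added example (not code from the original post or from the project it describes), here is the sign-up and login flow from the two paragraphs above in Python, using the standard library’s PBKDF2-HMAC so nothing needs installing. The in-memory dictionary standing in for the users table, the iteration count, the user names and the attacker’s wordlist are all constructed for the demo; a real app would use bcrypt, scrypt or Argon2 via a library and store the record in a database.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256. 200_000 is an assumed demo value kept
# modest so the demo runs quickly; raise it for production hardware.
ITERATIONS = 200_000


def unsalted_hash(password):
    """The naive scheme: one bare SHA-256 over the password.

    Same password in -> same hash out, so two users who both picked
    'password' are visibly identical in a stolen database.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, slow hash. Returns the record a sign-up would store.

    The salt is random per user and stored in the clear; its only job is to
    make identical passwords hash differently. It is not a secret.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(record, candidate):
    """Login check: re-hash the typed password with the *stored* salt and compare.

    Nothing is ever decrypted. compare_digest runs in constant time so the
    comparison itself doesn't leak how many bytes matched.
    """
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# Hypothetical in-memory "users table" standing in for the real database.
USERS = {}

# Record used to burn the same hashing time when the username doesn't exist,
# so a caller can't tell "no such user" from "wrong password" by timing.
_DUMMY_RECORD = hash_password(secrets.token_hex(16))


def sign_up(username, password, db=USERS):
    db[username] = hash_password(password)
    return db[username]


def log_in(username, password, db=USERS):
    record = db.get(username)
    if record is None:
        verify_password(_DUMMY_RECORD, password)
        return False
    return verify_password(record, password)


def crack(record, wordlist):
    """What an attacker with a stolen row actually does: hash each guess with
    that row's salt and look for a match. Returns the guess that matched, or None.
    The salt doesn't stop this; only the slow hash and a strong password do.
    """
    for guess in wordlist:
        if verify_password(record, guess):
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo data: two users who chose the same weak password.
    sign_up("alice", "password")
    sign_up("bob", "password")
    print("unsalted hashes equal:", unsalted_hash("password") == unsalted_hash("password"))
    print("salted hashes equal:  ", USERS["alice"]["hash"] == USERS["bob"]["hash"])
    print("alice logs in:        ", log_in("alice", "password"))
    print("alice wrong password: ", log_in("alice", "passw0rd"))
    print("bob cracked as:       ", crack(USERS["bob"], ["123456", "letmein", "password"]))
```

Running it shows the two points of the post side by side: the bare SHA-256 of ‘password’ is identical for alice and bob, while their salted records differ, yet `crack` still recovers bob’s password from a three-word list because the salt is stored next to the hash and the attacker simply reuses it. The salt hides who shares a password; the slow hash and the user’s choice of password are what make guessing expensive.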
Today was very good. I had my 1:1 and got some helpful feedback about my rock, paper, scissors game, and pairing went well.
It was 36°C today and I am very tired as a result of not sleeping properly, so I’d best call it a night now.
Nat x