What is password encryption and how does it work? | North VPN (2023)

What is password encryption?

Password encryption is the process of converting passwords entered on a website into a format that can be stored or transmitted securely. Password encryption is a way to protect your credentials when:data breach- Even if hackers manage to break into the password vault server, all they get is useless gibberish.

If you want your accounts to be secure, you need strong passwords and their encryption. Strong passwords keep hackers from breaking into your account's front doorbrute forceEncrypting or hashing passwords ensures there are no spare keys under the welcome mat.

How does password encryption work?

Simply put, password encryption involves using an encryption key to convert a password from plain text (the actual sequence of characters you type) intopassword(you'll get random characters). The resulting ciphertext version of the password can be securely stored on a server, in a password manager, or sent elsewhere.

Password encryption is a reversible process: with the correct decryption key, encrypted text can be recovered as a plaintext password. Since encryption and decryption keys are unique to each account, they must be protected so that no one can crack your credentials.

Main Types of Cryptographic Encryption Techniques

In general, cryptographic encryption techniques fall into four broad categories.

Symmetric encryption

Symmetric encryption (also known as "key encryption") uses the same key for encryption and decryption. An encryption client first creates a key, then splits the plaintext password into fixed-size blocks, and finally uses the generated key to run each block through a symmetric encryption algorithm to obtain the corresponding ciphertext block.

With symmetric encryption, the easiest way for a hacker to steal a password is to steal the key. It is very important that all parties involved in symmetric encryption (including the password vault server) separate the key from the encryption password, and only share the key with others when absolutely necessary.

asymmetric encryption

Asymmetric encryption (also known as "public key encryption") uses a pair of related keys: a public key for encryption and a private key for decryption. The public key is freely available to anyone who wants to securely send data to the holder of the private key.

While asymmetric encryption is very secure, it is also much slower than symmetric encryption. This means that it is not commonly used to directly encrypt files; instead, asymmetric encryption is often used to securely exchange keys between symmetric encrypted parties.

Symmetric and asymmetric encryption are used in secure password storage solutions such asTrusted Password Managere.g. NordPass): The server uses a process called "hashing" to authenticate itself.

hash

Strictly speaking, hashing is not the same as cryptographic encryption, although the two concepts are so close that the terms have become synonymous in popular discourse.

Similar to plain password encryption, hashing converts a plain text password into a string of random characters, called a "hash". This process is repeated every time you log in: the hash of the password you enter is compared to a stored hash to determine if you are the rightful owner of the account.

However, that's the similarity to cryptographic encryption: unlike the latter, hashing is a one-way function. There is no way to reverse the process and replace the hash with the original password.

Salt

Salting is one way to address an apparent weakness of password hashing: the same password on the same server creates the same hash. Given enough motivation and time, a hacker can guess a stolen plaintext hash.rainbow table attackIdictionary attack。

This is where password salting comes into play. Salting adds random characters to the front or back of plaintext passwords before going into the hashing algorithm, ensuring that even identical passwords create unique hashes. It is much more difficult for hackers to deduce the original text.Hashing and Salting Passwords。

In short: Hashing and salting are irreversible functions used to authenticate a user, while asymmetric and symmetric encryption are reversible processes used in password storage solutions.

Typical password encryption algorithm

Any encryption algorithm can be used to encrypt passwords, and each algorithm has its advantages and disadvantages. However, there are four algorithms that hold particular importance in modern cryptographic security.

• Advanced Encryption Standard (AES).AES is the gold standard encryption algorithm in today's network environment. AES is a symmetric algorithm that encrypts data in fixed-size blocks using encryption keys of varying lengths; the US National Security Agency (NSA) considers 256-bit encryption secure enough for "Top Secret" documents.
• Triple Data Encryption Standard (Triple DES or 3DES).3DES is an evolution of the Data Encryption Standard (DES). DES is the first major encryption algorithm publicly released by the U.S. government. The biggest difference can be seen from the name: 3DES uses different keys to apply the DES algorithm multiple times to increase safety. 3DES is another symmetric encryption algorithm, but it is no longer considered secure and has largely been replaced by AES on modern systems.
• Puffer fish.Another symmetric encryption algorithm, Blowfish, was devised by Bruce Schneier in 1993 to address a common weakness in algorithms at the time. While it is more reliable than DES, the data blocks used are limited in size.blowfish code(64-bit only) means it is vulnerable to exploiting the math behind the algorithm. Blowfish was upgraded to Twofish in 1998 and Threefish in 2008, and remains a strong cryptographic security algorithm (including password encryption) to this day.
• Rivest-Shamir-Adman (RPA). RSAIt's one of the oldest algorithms still in use today, and unlike the other three algorithms on this list, it's an asymmetric encryption algorithm. RSA generates public and private keys based on calculations involving very large prime numbers. RSA is theoretically more secure than symmetric encryption algorithms such as AES, but it is also slower and more complicated to use.

Encrypted password example

Password encryption encrypts the text you enter, creating ciphertext: a random string of characters is meaningless without the correct decryption key. For demonstration purposes, let's run some common ciphers with a simple online DES encryption tool.

• "Contraseña123" changed to "$1$/kAFuTwg$z0.oX9oWMMoNua.bwPhLp0"
• "p@55w0rd" becomes "$1$7j8BudBa$AfRWuSokgzes.iV4nqCRN0"
• "1234567890" becomes "$1$UMCEqUEp$aMjeiFoALgq5cb198S4T6/"

If we run the same password through a hashing algorithm such as SHA-1 (which converts plaintext into a 40-character hash), the ciphertext will look slightly different. Note that unlike encrypted passwords, these password hashes cannot be decrypted back to their original form.

• “Contraseña123”cambia a“b2e98ad6f6eb8508dd6a14cfa704bad7f05f6fb1”
• "p@55w0rd" communicates with "ce0b2b771f7d468c0141918daea704e0e5ad45db"
• "1234567890" becomes "01b307acba4f54f55aafc33bb06bbbf6ca803e9a"

Can someone else crack my encrypted password?

In theory, password encryption is a reversible process, so anyone with the correct key can restore the ciphertext to the plaintext password. However, obtaining the decryption key is much harder than it seems, so the chances of someone else cracking the encrypted password are extremely low.

One possible way to obtain the decryption key is to intercept the client-server key exchange. In rare cases where the medium of exchange is not adequately protected (for example, by using asymmetric encryption), a lurking hacker can performAtak Typu the man in the middleAnd copy the shared symmetric encryption key.

In fact, most modern authentication systems automatically secure the exchange of keys between parties.

Remember: Password Encryption Is Not Enough

Password hashing and encryption play an important role in keeping you safe, but here's the catch: You need password encryption and strong passwords to protect your accounts. While you can't do much about choosing a website's password encryption algorithm or other encryption security measures, there's a lot you can do with your passwords.

make surecreate strong passwordsfor each of your accounts. A good password can deter hackers for years or even decades, long enough that most attacks lose interest and move on to easier prey.