Salting, peppering, and hashing passwords

Video description for Salting, peppering, and hashing passwords

What can a hacker do when a database is leaked?

Your password database just leaked. What info does the hacker get and what can they do with it if you used plaintext passwords, hashed passwords, salted hashed passwords, or peppered salted hashed passwords?

In this video we will talk about hashes, salts, and peppers, which can be used to more securely store passwords in your application's database. We use built-in secure Python primitives. Big open source libraries like Flask and Django use these techniques.

Note: DO NOT WRITE YOUR OWN CRYPTO. This video is for educational purposes, to explain the purpose and benefits of salting and peppering; it is not an example of secure production code.
Note: Hash functions used in hashing passwords should be purposefully and configurably slow so that it takes an attacker a long time to check hashes even offline, making it more time-consuming to crack even weak passwords.
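The storage scheme described above, as an added illustration using only the Python standard library (this is not the video's source code). The choice of PBKDF2-HMAC-SHA256 as the slow hash, the HMAC pre-hash used to apply the pepper, the iteration count and the `$`-separated record format are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"   # assumed record label for this example
ITERATIONS = 600_000       # configurable work factor: higher = slower offline guessing

def _derive(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    # Pepper: a secret kept outside the database (env var, KMS, HSM).
    # Applied as an HMAC key so a leaked table alone cannot be brute-forced.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt + deliberately slow hash: per-user uniqueness and per-guess cost.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)

def hash_password(password: str, pepper: bytes, iterations: int = ITERATIONS) -> str:
    salt = secrets.token_bytes(16)  # fresh random salt for every stored password
    digest = _derive(password, salt, pepper, iterations)
    # The salt and work factor are not secret; store them next to the digest.
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = _derive(password, bytes.fromhex(salt_hex), pepper, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed record: reject instead of raising
    # Constant-time comparison avoids leaking a match prefix through timing.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    pepper = secrets.token_bytes(32)      # constructed sample secret
    a = hash_password("hunter2", pepper)  # constructed sample password
    b = hash_password("hunter2", pepper)
    print(a != b)                                                 # same password, different salts
    print(verify_password("hunter2", a, pepper))                  # correct login
    print(verify_password("hunter2", a, secrets.token_bytes(32))) # database without the pepper
```

Because the work factor is stored in each record, it can be raised for new hashes later without invalidating existing ones.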

― mCoding with James Murphy (https://mcoding.io)

Source code: https://github.com/mCodingLLC/VideosS...
Password storage best practices: https://cheatsheetseries.owasp.org/ch...
Crypto.SE on peppering: https://security.stackexchange.com/qu...
Timing attacks video: Cracking passwords using ONLY respons...

CHAPTERS
---------------------------------------------------
0:00 Intro
0:39 DB Leaks
1:14 Plaintext
2:35 Hashes
4:39 Salts
6:14 Peppers
8:14 Closing remarks
