Linux Format

Understand and deploy security keys

Usernames and passwords were originally designed to be proof that the person trying to log in is who they say they are. Interestingly, Richard Stallman famously ran his first systems with no passwords because “it hindered collaboration.” This was a brave choice even back before the evolution of the networks as we know them today.

The username/password combo used to be sufficient proof of identity to grant access. Things are different these days. With the vast number of password and account thefts that occur, a simple username and password combination is no longer secure enough. This is especially true now that stolen password hashes can be brute-forced with powerful cloud GPU compute to recover the original password. Anything of significant value – financial or otherwise – should be protected by as much security as can be thrown at it.

Salty hashes

Most security-aware sites now store passwords as salted hashes. A hash is a one-way function (akin to a physical trapdoor, if you will): cheap in CPU time for developers to compute, but incredibly hard to reverse. Recovering every password from a properly salted and hashed store would be a futile, expensive and lengthy undertaking. Salting means adding a second, unique random value to each password before it is hashed, which makes reversing the hash harder because the result can no longer be looked up in pre-built tables of hashes. More information about salts can be found at https://en.wikipedia.org/wiki/Rainbow_table.

To enhance security, the concept of software and hardware tokens was introduced. These add a second factor of authentication on top of the password, among other benefits. Phone-based security can be fine for most users, but it still doesn’t do much for security beyond website logins. Hardware tokens take things a step further because they enable the use of secure public/private encryption keys, extending the ability to prove an identity or even to sign code, emails and so on.
