Authentication and Security

By: David Aldana

Information Security

03 April 2022


In this blog, we’ll cover fundamental concepts of authentication and security. We will explore what password hashing is, how salting works, the bcrypt algorithm, and the standard known as JOSE (JSON Object Signing and Encryption).


What is Password Hashing and Salting?


When storing passwords in a database, they should never be saved in plain text, as a database breach would give an attacker immediate access to all passwords.

To protect them, two essential techniques are used:


Password Hashing


Hashing is the process of applying a one-way mathematical function that converts a password into a fixed-length string of characters (a hash) from which the original password cannot be recovered.

Example:

  • Password: Contraseña123
  • Hash (e.g., SHA-256):
    f9b4d7b76c3b3650a29ec1e8377e6732459ba12f3d8df5cde0d50de2c14e5e24

Key points:

  • You cannot "unhash" to recover the original password.
  • When a user logs in, their input is hashed again and compared to the stored hash.


Password Salting


A salt is a random string added to the password before hashing. This ensures that two users with the same password don’t end up with the same hash.

Why is it important?

  • Protects against rainbow table attacks (precomputed hash lookup tables).
  • Increases the entropy and uniqueness of each hash.

Example:

  • Password: Contraseña123
  • Random salt: Xy7z!2
  • Actual input to hash: Contraseña123Xy7z!2
  • Result: A unique hash.
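The two ideas above, hashing and salting, side by side as an added example (this is not code from the original post). It uses SHA-256 exactly as the post does, appending the salt to the password before hashing, and also shows the login check: re-hash the submitted password with the stored salt and compare. The function names and the 16-byte random salt are choices made for this example; the post's own sample values ("Contraseña123" and "Xy7z!2") appear in the `__main__` block.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Unsalted SHA-256 of the input, as a hex string (the 'Hash' line in the text)."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[str] = None) -> Tuple[str, str]:
    """Salt-then-hash a password, returning (salt, hex digest).

    A fresh random salt is generated when none is supplied. The salt is
    appended to the password before hashing, exactly as the text shows
    ("Contraseña123" + "Xy7z!2" -> "Contraseña123Xy7z!2").
    """
    if salt is None:
        salt = secrets.token_hex(16)  # 128 bits of randomness from the OS CSPRNG
    digest = sha256_hex((password + salt).encode("utf-8"))
    return salt, digest


def verify_password(password: str, salt: str, stored_digest: str) -> bool:
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def same_password_demo(password: str) -> dict:
    """Show why salting matters: two users with one password, unsalted vs. salted."""
    raw = password.encode("utf-8")
    alice_salt, alice_hash = hash_password(password)
    bob_salt, bob_hash = hash_password(password)
    return {
        "unsalted_hashes_collide": sha256_hex(raw) == sha256_hex(raw),  # always True
        "salted_hashes_collide": alice_hash == bob_hash,                # False: different salts
        "alice_can_log_in": verify_password(password, alice_salt, alice_hash),
        "bob_hash_rejects_alice_salt": not verify_password(password, alice_salt, bob_hash),
    }


if __name__ == "__main__":
    # The post's sample values: a fixed salt so the result is reproducible.
    salt, digest = hash_password("Contraseña123", "Xy7z!2")
    print(f"salt={salt} sha256(password+salt)={digest}")
    print(same_password_demo("Contraseña123"))
```

The salt is stored next to the hash; it is not a secret, its job is only to make each hash unique. A plain SHA-256, salted or not, is still very fast to compute, which is why a dedicated password hash such as bcrypt (next section) is used for real storage.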


What is bcrypt?


Bcrypt is a password-hashing algorithm designed specifically for storing passwords securely.

Key advantages:

  • Automatically generates and applies a salt.
  • Includes a configurable cost factor (e.g., 10, 12, 14) to control hashing complexity.
  • Intentionally slow to make brute-force attacks harder.

The resulting hash string is self-describing and contains, in order:

  • The algorithm identifier (the bcrypt version used).
  • The cost factor.
  • The salt.
  • The hash itself.
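To make the "self-describing" structure concrete, here is an added example (not from the post or the bcrypt project) that parses a bcrypt output string into the four fields listed above and shows what the cost factor means in work. The `SAMPLE_BCRYPT` string is a constructed value of the right shape, not the hash of any password in the post; the regex, `BcryptParts` and the helper names are choices made for this example. The last function calls the real third-party `bcrypt` package (`hashpw`, `gensalt(rounds=...)`) and is kept separate so everything else runs with the standard library alone.

```python
import re
from typing import NamedTuple

# Sample bcrypt string of the right shape, constructed for this example only
# (it is not the hash of any password mentioned in the post).
SAMPLE_BCRYPT = "$2b$12$GhvMmNVjRW29ulnudl.LbuAnUtN/LRfe1JsBm1Xu6LE3059z5Tr8m"

# $<version>$<cost>$<22-char salt><31-char hash>, all in bcrypt's ./A-Za-z0-9 alphabet
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")


class BcryptParts(NamedTuple):
    algorithm: str  # bcrypt version identifier, e.g. "2a" or "2b"
    cost: int       # work factor; bcrypt runs 2**cost key-setup rounds
    salt: str       # 22 characters encoding the 128-bit random salt
    digest: str     # 31 characters encoding the 184-bit hash


def parse_bcrypt(hash_string: str) -> BcryptParts:
    """Split a bcrypt output string into the four fields the text lists."""
    m = BCRYPT_RE.match(hash_string)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    return BcryptParts(m.group(1), int(m.group(2)), m.group(3), m.group(4))


def is_bcrypt_hash(value: str) -> bool:
    """True when the stored value has the bcrypt layout (useful when migrating old rows)."""
    return BCRYPT_RE.match(value) is not None


def rounds_for_cost(cost: int) -> int:
    """Number of expensive key-setup iterations implied by a cost factor."""
    return 2 ** cost


def slowdown_factor(old_cost: int, new_cost: int) -> int:
    """How many times slower hashing (and brute force) becomes when raising the cost."""
    return 2 ** (new_cost - old_cost)


def needs_rehash(hash_string: str, minimum_cost: int) -> bool:
    """Because the cost is stored in the hash, old hashes can be upgraded at next login."""
    return parse_bcrypt(hash_string).cost < minimum_cost


def bcrypt_hash(password: str, cost: int = 12) -> str:
    """Hash with the real algorithm via the third-party 'bcrypt' package (pip install bcrypt).

    The salt is generated and embedded for you. Note that bcrypt only consumes
    the first 72 bytes of the password.
    """
    import bcrypt  # third-party; imported here so the rest of the file has no dependency
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt(rounds=cost)).decode("ascii")


if __name__ == "__main__":
    parts = parse_bcrypt(SAMPLE_BCRYPT)
    print(parts)
    print("rounds:", rounds_for_cost(parts.cost), "upgrade to 14?", needs_rehash(SAMPLE_BCRYPT, 14))
```

Raising the cost from 10 to 12 makes every hash (and every guess by an attacker) four times more expensive; since the cost lives inside the stored string, a deployment can raise its minimum and re-hash each user transparently the next time they log in with the correct password.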


What is JOSE (JSON Object Signing and Encryption)?


JOSE is a set of standards used to sign, encrypt, and protect JSON-formatted data, ensuring its integrity, authenticity, and confidentiality.

Key components:

  • JWS: JSON Web Signature.
  • JWE: JSON Web Encryption.
  • JWK: JSON Web Key.
  • JWA: JSON Web Algorithms.

Main functions:

  • Authentication: Verifies the sender’s identity.
  • Integrity: Detects unauthorized data modifications.
  • Confidentiality: Encrypts data for the intended recipient only.
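The signing half of JOSE (JWS) is small enough to show end to end. The following is an added example, not code from the post or from any JOSE library: it builds a compact JWS (`header.payload.signature`) with HMAC-SHA256, the algorithm JWA names "HS256", using only the Python standard library, and then verifies it. The function names are choices made here; the base64url-without-padding encoding and the three-part layout are what the JWS specification requires. The verifier pins the expected algorithm itself instead of trusting the `alg` field in the token, which is the check that gives the authentication and integrity properties listed above.

```python
import base64
import hashlib
import hmac
import json
from typing import Any, Dict


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding that JOSE strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_json_part(obj: Dict[str, Any]) -> str:
    """Compact JSON (no whitespace), then base64url: one segment of a JWS."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def jws_sign(payload: Dict[str, Any], key: bytes) -> str:
    """Produce a compact JWS (header.payload.signature) using HMAC-SHA256 ("HS256")."""
    signing_input = encode_json_part({"alg": "HS256"}) + "." + encode_json_part(payload)
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def jws_verify(token: str, key: bytes) -> Dict[str, Any]:
    """Check the signature and return the payload; raise ValueError on any problem."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three parts")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the verifier decides how to verify, never the token itself.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch: token was altered or signed with another key")
    return json.loads(b64url_decode(payload_b64))


def jws_is_valid(token: str, key: bytes) -> bool:
    """Boolean form of jws_verify (every decoding or JSON error is a ValueError subclass)."""
    try:
        jws_verify(token, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    shared_key = b"constructed-shared-secret"  # sample value for this example
    token = jws_sign({"sub": "alice", "role": "user"}, shared_key)
    print(token)
    print("valid:", jws_is_valid(token, shared_key))
```

A JWS payload is signed, not encrypted: anyone holding the token can base64url-decode and read it. Confidentiality, the third property in the list, is JWE's job, which wraps the data in an encrypted envelope rather than just attaching a signature.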
