Crypto Basics: All about hashes & how to secure passwords against rainbow tables

Hosted By
David S.

Details

We have heard about tons of security breaches recently: "User passwords of ... were leaked, X million user accounts were exposed"...

What's so hard about protecting user accounts? What's the difference between storing clear-text and hashed passwords? Why are some hash algorithms better than others? What's "salting" and how do you do it right?

In this talk, Istvan Lam, co-founder & CEO of Tresorit, a "zero knowledge" encryption company, will give you a practical summary of hashes, salting, stretching and beyond to guide you in securing your app/service in line with today's best practices.

Audience: developers, no previous crypto experience needed.

Topics covered:

  • What is a hash function?
  • What is the difference between crypto hashes (e.g. SHA-1) and hashes for data structuring (e.g. MurMur)?
  • What is SHA-1, MD5, SHA256, etc.? Which one to use?
  • What is MAC, HMAC, AES-GCM and what is AEAD?
  • What are the basic attacks against password databases?
  • How do you define the "strength" of a password?
  • What is a rainbow table attack and how to protect against it?
  • The current best practice for managing a password database, covering PBKDF, scrypt, and augmented password authentication.
  • Different two-factor authentication techniques, and how they help your system security.
  • What is the performance drawback of all of that?
Second Look Discussions - Menlo Park
Macys.com
680 Folsom Street · San Francisco, CA