📚 Topic Summary
In this unplugged activity, we'll explore how password cracking works and, more importantly, how salting can significantly enhance password security. Salting involves adding a unique, random string to each password before it's hashed. This makes it much harder for attackers to use pre-computed tables of common password hashes (like rainbow tables) to crack passwords. We'll simulate this process to understand the importance of salting in real-world systems.
Think of it like this: instead of just locking your front door, you're adding a secret, custom deadbolt *before* you lock it. Even if someone knows how to pick standard locks, they're stumped by the custom deadbolt (the salt!).
🧠 Part A: Vocabulary
Match the term with its definition:
| Term |
Definition |
| 1. Hash |
A. A random string added to a password before hashing. |
| 2. Salt |
B. A one-way function that transforms data into a fixed-size string. |
| 3. Password Cracking |
C. Attempting to recover passwords from stored data. |
| 4. Rainbow Table |
D. A precomputed table for reversing cryptographic hash functions. |
| 5. Collision |
E. When two different inputs produce the same output hash. |
(Match the numbers to the letters)
✍️ Part B: Fill in the Blanks
Using the vocabulary words above, fill in the blanks in the following paragraph:
To protect passwords, systems use a ______ function. This function converts the password into a seemingly random string of characters. To make it even harder for attackers, a ______ is added to each password before it is hashed. This prevents attackers from using ______ to easily crack passwords. A ______ occurs when two different passwords produce the same hash value. The process of ______ involves attempting to discover the original passwords from the stored hashes.
🤔 Part C: Critical Thinking
Imagine you are designing a password system for a website. Explain why using salting is important, even if you believe your users will choose strong passwords. What are the potential risks of not using salting?