Crypto, hashes and password questions, total noob?

Front-end · Unresolved · 9 · 1944
梦如初夏 2021-01-03 11:23

I've read several stackoverflow posts about this topic, particularly this one:

Secure hash and salt for PHP passwords

but I still have a few questions, I ne

9 answers
  •  臣服心动
    2021-01-03 11:46

    ( OP )

    Brings up a good point: if your data is compromised then game over ... My follow-up question is: what types of attacks are these hashes trying to protect against? I've read about rainbow table and dictionary attacks (brute force), but how are these attacks administered?

    ( discussion )

    It's not a game, except to the attacker. Research these terms:

    • Sarbanes-Oxley
    • Gramm-Leach-Bliley Act (GLBA)
    • HIPAA
    • Digital Millennium Copyright Act (DMCA)
    • PATRIOT Act

    Then tell us (as thought provocation for you): how do we protect, and against whom? For one thing, it is the efforts of innocents vis-a-vis intruders, and for another it is data recovery if part of the system fails.

    It is an interesting experiment that the original intent of TCP/IP and so on is advertised as being a weapon of war, survivability under attacks. Okay, so passwords are hashed; no one can recover them ...

    Which, duh, includes the owner-operator of the system.

    So you build a robust record locking tool that implements key controls, then political pressures force the use of brand-x tools.

    You can read Federal Information Security Management Act (FISMA) and by the time you have read it some governmental entity somewhere will have had an entire disk either stolen or compromised.

    How would you protect that disk if it was your personal identity information on that disk?

    I can tell you from the caliber of Martin Liversage and jadeters that they will be paying attention.
