10 May SkaDate Features: Want Some Salt With It?
A recent attack by the WikiLeaks founder Julian Assange against Facebook has got me thinking about privacy and security in our industry, and more specifically in our own SkaDate Dating Software. After all, I bet the hacking incident several months earlier at Plenty of Fish (a popular and free dating site based in Canada) is still fresh on everyone’s minds.
To cut a long story short, Plenty of Fish (POF) got itself into a surreal cinematic thriller involving Argentinean hackers, Russian gangsters, American dating site owners, Capitol Hill reporters, website serial killers, and an e-mail to a mother to stop all the madness. More importantly, it was revealed that a security hole enabled hackers to gain access to the passwords of some 28 million users. The ensuing mass hysteria was mostly curbed by a hilarious correspondence between POF owners and hackers, all of whom showed a remarkable neglect for English grammar.
Nevertheless, what emerged after the storm is the fact that even major dating websites are prone to serious flaws in their security architecture. Basically, POF stored all of the user passwords in a single mostly unprotected file, which gave hackers easy access to private data.
Is this even possible with sites running on the SkaDate Dating Script? Not likely.
You see, unlike POF, we use salted one-way hashing (‘hash and salt’) when handling sensitive information like passwords. This means that when a password enters our database it is first sprinkled with some salt. Essentially, every password gets a unique random salt string before being re-hashed with a strong algorithm. Thus, a would-be intruder will hit a virtual brick wall before reaching the passwords, since a dictionary attack becomes highly impractical and, well, worthless.
Let’s imagine for a second that hackers still went after our passwords even after realizing that we have salted them. (Perhaps they are from Argentina and have a lot of free time on their hands.) Have you ever tried getting salt out of your food? Any success? Well, it’s the same here. The efforts will be futile. Even if attackers get their hands on the password file, it will be useless to them. For that matter, it will be useless to anyone except the system, which keeps track and restores the data when prompted. That’s right, even site owners cannot steal your passwords, so go ahead and make the one you always wanted – iLoVEuBieBeRboi.
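The salt-then-hash storage and the check-without-recovering-the-password behaviour described in the two paragraphs above, as an added Python example that is not SkaDate's own code. The post names no algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; the post names no algorithm or cost
MAX_ITERATIONS = 10_000_000  # refuse absurd costs read back from a stored record

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: scheme$iterations$salt_hex$digest_hex."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest with the stored salt; nothing is ever decrypted."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        rounds = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:  # truncated or malformed record
        return False
    if scheme != "pbkdf2_sha256" or not 1 <= rounds <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

def unsalted_sha256(password: str) -> str:
    """Weak scheme shown only for contrast: same password, same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def compare_schemes(password: str, iterations: int = ITERATIONS) -> dict:
    """Store one password for two accounts under each scheme and compare."""
    a, b = hash_password(password, iterations), hash_password(password, iterations)
    return {
        "unsalted_identical": unsalted_sha256(password) == unsalted_sha256(password),
        "salted_identical": a == b,
        "both_verify": verify_password(password, a) and verify_password(password, b),
    }

if __name__ == "__main__":
    # Constructed sample input: the example password from the post.
    print(compare_schemes("iLoVEuBieBeRboi"))
```

Two accounts sharing a password get identical stored values without a salt and different ones with it, which is why a table of digests computed once in advance stops matching.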
Just as a side note, it is interesting to point out that most of the big fish in our small pond and beyond prefer salted hashes over everything else. We are talking over 70% of all portals dealing with encrypted data. I don’t know what goes on inside the minds of people dealing with kayak trawling, but what I do know is that here at SkaDate every effort is made to ensure the customers get a ready solution with the best encryption system currently out there. Also, you can’t deny that everything tastes better with a little salt. Bon appétit, everyone! Be safe.