Authentication is the process by which a server establishes who is making a request, before it decides what that requester is allowed to see or do (that later decision is authorization). A server needs it whenever the data or actions it exposes differ from user to user.

The evolution of authentication:

Encryption: a reversible transformation of data into ciphertext under a key. Whoever holds the key can recover the original; whoever does not should learn nothing about it. Because it is reversible, it is the wrong tool for storing passwords: anyone who obtains the key, or a server that is able to decrypt, can expose every stored password.
Hashing: not a form of encryption but a one-way function that maps input of any length to a fixed-size digest. There is no key and no inverse operation; the only way back from a digest to the password is to guess inputs and compare digests. For password storage use a deliberately slow, salted construction (PBKDF2, bcrypt, scrypt or Argon2) rather than a bare fast hash such as SHA-256, so that every guess costs the attacker real time.

Salt: a random value, unique per password, that is combined with the password before hashing and stored next to the resulting hash. It is not secret. Because two users with the same password now produce different hashes, an attacker cannot run one precomputed table against the whole database; each stored hash has to be attacked on its own.

Rainbow table: a precomputed lookup structure built by hashing large lists of common or patterned passwords with a known, unsalted algorithm. It does not reverse the hash function; it lets an attacker look up a stolen hash and read off a plaintext that produces it, so cracking becomes one lookup per hash instead of one hash computation per guess. A per-password salt defeats it because the table would have to be rebuilt for every salt value.
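The three definitions above worked through in code, as an added example that is not part of the original post: a Python script that builds a small lookup table from a constructed list of common passwords, shows that an unsalted SHA-256 digest of one of them is matched in a single lookup, and then hashes the same password with a random per-user salt through PBKDF2 so that the table no longer matches and a fresh salt gives a different digest each time. The password list and the iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed list of commonly-used passwords standing in for the wordlists an
# attacker would precompute a table from (hypothetical, for the demonstration).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "hunter2"]

PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune upward for production


def unsalted_hash(password: str) -> str:
    """Bare SHA-256 of the password. Deterministic and fast: the same
    password always yields the same digest, which is exactly what a
    precomputed table needs."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_rainbow_table(candidates) -> Dict[str, str]:
    """Precompute digest -> plaintext for every candidate. A real rainbow
    table stores hash chains to save space, but the effect is the same: one
    lookup per stolen hash instead of one hash computation per guess."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """Return a plaintext that produces `digest`, or None if the table has none."""
    return table.get(digest)


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt. Returns
    (salt, digest); both are stored together and the salt is not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time, so the
    comparison itself does not leak how many leading bytes matched."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    table = build_rainbow_table(COMMON_PASSWORDS)
    stolen = unsalted_hash("hunter2")
    print("unsalted lookup:", lookup(table, stolen))             # hunter2
    salt, digest = salted_hash("hunter2")
    print("salted lookup:  ", lookup(table, digest.hex()))       # None
    print("verify correct: ", verify("hunter2", salt, digest))   # True
    print("verify wrong:   ", verify("hunter3", salt, digest))   # False
```

The two calls to `salted_hash("hunter2")` in the test below produce different salts and therefore different digests, which is the property that forces an attacker to crack each stored hash separately.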

Tokens: a piece of data issued by the server after a successful login and presented by the client on later requests in place of the username and password. The server must be able to tell that it issued the token and that it has not been altered, which is done either by signing it (an HMAC or a digital signature) or by making it an unguessable random value the server looks up. Signing is not the same as encrypting: the contents of a signed token are readable by whoever holds it.

  • The token is delivered to the client right after successful authentication, commonly in a cookie or in the response body for the client to send back in an Authorization header; on each later request the server validates it to identify and authenticate the user.

Cookies: small pieces of text that a server asks the browser to store (via a Set-Cookie header) and that the browser sends back on later requests to that site. Common uses are authentication, site preferences, shopping cart contents and session identification. Which cookies accompany a request is governed by their Domain, Path, Secure and SameSite attributes rather than strictly by host. A cookie that carries an authentication token or session id should be set with HttpOnly (script cannot read it), Secure (sent over HTTPS only) and a SameSite value, and its value should be unguessable.

Sessions: server-side storage of state that should persist across a user's requests to the site or application. The client holds only a session identifier, usually in a cookie; it must be random and unguessable, and the server uses it to look up the stored state. Unlike a self-contained token, a session can be expired or revoked immediately on the server, because that is where the state lives.

* In a given application you normally want one or the other: server-side sessions (stateful, easy to revoke) or self-contained signed tokens (stateless, no lookup per request). Running both creates two sources of truth for who is logged in, and logout or revocation then has to be handled correctly in both.
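To make the contrast concrete, an added Python example that is not from the original post: both models side by side, a stateless HMAC-signed token with an expiry claim that is verified without any server-side lookup, and a stateful session store keyed by a random session id that can be revoked at once. The signing key, user ids, lifetimes and cookie name are assumptions for the demonstration, and the token format is a minimal illustration rather than a standard such as JWT.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Hypothetical server-side signing key; a real deployment loads it from a
# secret store and rotates it.
SERVER_KEY = secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, ttl_seconds: int, key: bytes = SERVER_KEY,
                now: Optional[float] = None) -> str:
    """Stateless token: base64(payload).base64(HMAC-SHA256 tag). The server
    stores nothing; user and expiry travel inside the token and the tag lets
    the server detect any change to them. The payload is signed, not
    encrypted, so anyone holding the token can read it."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now + ttl_seconds)}
    payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token: str, key: bytes = SERVER_KEY,
                 now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the tag is valid and the token is unexpired,
    else None. The tag is checked before anything in the payload is trusted."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None  # expired
    return claims.get("sub")


class SessionStore:
    """Stateful alternative: the client holds only a random, opaque id and
    all state lives here, so a session can be revoked the moment that is
    needed, which a self-contained token cannot be."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self, user_id: str, ttl_seconds: int, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 random bits: unguessable
        self._sessions[session_id] = {"sub": user_id, "exp": now + ttl_seconds}
        return session_id

    def lookup(self, session_id: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        entry = self._sessions.get(session_id)
        if entry is None or entry["exp"] <= now:
            self._sessions.pop(session_id, None)  # drop expired state
            return None
        return entry["sub"]

    def revoke(self, session_id: str) -> None:
        self._sessions.pop(session_id, None)


def set_cookie_header(name: str, value: str, max_age: int) -> str:
    """Header the server would send for either kind of identifier: HttpOnly
    keeps script away from it, Secure keeps it off plaintext HTTP, and
    SameSite limits the cross-site requests that carry it."""
    return (f"Set-Cookie: {name}={value}; Max-Age={max_age}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")
```

Revocation is where the two models differ most: `SessionStore.revoke` takes effect on the next request, whereas a signed token stays valid until its `exp` passes unless the server adds a deny-list, which reintroduces the per-request lookup the token was meant to avoid.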