In this blog post, we’ll delve into the technical aspects of password security to give you a better understanding of how Kwara protects your sensitive data.
The Password Encryption Process:
Starting off – imagine your password as a key to your digital vault. To keep this password safe, we use a process called password encryption. This process involves turning your password into a secret code that’s practically impossible for anyone else to decode. But how exactly do we do it?
Kwara utilizes something called a cryptographic hash function, or CHF. This is a type of hashing algorithm, which is like a secret recipe. When you create a password, we take that password and run it through the CHF. Think of it as throwing your password into a magical blender that transforms it into a unique mix of letters and numbers. A password smoothie!
A password smoothie! This blender (the CHF) always produces the same result for the same password, and it’s designed in a way that it’s really hard to turn the result back into your original password.Spencer, Head of Engineering at Kwara
But here’s the clever part: this blender (the CHF) always produces the same result for the same password, and it’s designed in a way that it’s really hard to turn the result back into your original password. It’s a bit like turning our password smoothie back into its ingredients once it’s made—you can’t do it easily. The output of the CHF (also called the digest) also changes dramatically from password to password, even with only small input changes.
Why Your Password Is Safe with Kwara:
To be clear what this means for you: Kwara does not store plain text passwords! In keeping with security best practices, only the unique mix version (the blended smoothie) is stored in our databases. Nobody at Kwara can see your original password; nobody at the company can “unblend your smoothie”.
When picking our “smoothie making machine,” there are many different options out there. We use a battle-tested hashing algorithm called bcrypt. This cryptographic hash function was developed by Ph.D cryptography experts working on the OpenBSD project. It is adaptive, meaning it can easily make passwords more difficult to crack as computers grow more powerful, and is used around the world to secure passwords at some of the world’s largest corporations.
Bcrypt has the best kind of repute that can be achieved for a cryptographic algorithm: it has been around for quite some time, used quite widely, ‘attracted attention’, and yet remains unbroken to date.Anonymous Cryptography Expert
The Role of Password Salt:
Let’s move on to another important ingredient in our password smoothie – salt! Think of a password salt as an extra layer of security seasoning. When you create a password, Kwara adds a random string of characters to it before hashing (the magical blender – remember?) This random string is the salt. So, even if two people have the same password, their hashed results will be completely different because of the unique salt added to each.
Think of a password salt as an extra layer of security seasoning.Spencer, Head of Engineering at Kwara
This means that if a hacker ever gets their hands on the hashed passwords and is trying to reverse-engineer them back to their original plain text format (“un-blend the smoothie”), they can’t just look up the original password in a dictionary or try common combinations (for our technically inclined readers – “rainbow table”). These hackers would need to guess both the original password and the salt added to it. It’s like trying to guess the smoothie recipe with additional random ingredients—much trickier!
To summarize: Kwara uses password encryption to turn your password into a secret code using a cryptographic hash function. This code is like a puzzle that’s incredibly tough to solve, making sure your password stays safe even if it falls into the wrong hands. The addition of a password salt adds an extra layer of protection by making sure that even if hackers get hold of the secret code, it’s still incredibly difficult for them to guess the original password using common brute-force techniques.
But Kwara still needs your help. Even with all the work we can do on our end to protect against brute-force password attacks, your account will be more secure if you follow a few simple guidelines:
Kwara’s Password Security Recommendations:
- Create a strong password (at least 12 characters with a combination of upper and lower-case letters, numbers, and symbols).
- Don’t reuse the same password on multiple sites.
- Don’t share your password with anyone.
By following these guidelines, you can ensure that your Kwara account remains as secure as possible.
Remember, your security is our top priority at Kwara, and we’re committed to safeguarding your personal information.
Thank you for trusting Kwara with your financial well-being. If you have any questions or concerns about your account security, please don’t hesitate to contact our support team here.
Stay safe online!
Spencer, Head of Engineering at Kwara