Alex Xu
May 5 • 8 tweets • 2 min read
1/ How to store passwords safely in the database and how to validate a password? Let’s take a look.

๐“๐ก๐ข๐ง๐ ๐ฌ ๐๐Ž๐“ ๐ญ๐จ ๐๐จ
๐Ÿ”น Storing passwords in plain text is not a good idea because anyone with internal access can see them.
2/ ๐Ÿ”น Storing password hashes directly is not sufficient because it is pruned to precomputation attacks, such as rainbow tables.

๐Ÿ”น To mitigate precomputation attacks, we salt the passwords.
3/ ๐–๐ก๐š๐ญ ๐ข๐ฌ ๐ฌ๐š๐ฅ๐ญ?
According to OWASP guidelines, โ€œa salt is a unique, randomly generated string that is added to each password as part of the hashing processโ€.
4/ ๐‡๐จ๐ฐ ๐ญ๐จ ๐ฌ๐ญ๐จ๐ซ๐ž ๐š ๐ฉ๐š๐ฌ๐ฌ๐ฐ๐จ๐ซ๐ ๐š๐ง๐ ๐ฌ๐š๐ฅ๐ญ?
1๏ธโƒฃ A salt is not meant to be secret and it can be stored in plain text in the database. It is used to ensure the hash result is unique to each password.
5/ 2๏ธโƒฃ The password can be stored in the database using the following format: ๐˜ฉ๐˜ข๐˜ด๐˜ฉ( ๐˜ฑ๐˜ข๐˜ด๐˜ด๐˜ธ๐˜ฐ๐˜ณ๐˜ฅ + ๐˜ด๐˜ข๐˜ญ๐˜ต).

๐‡๐จ๐ฐ ๐ญ๐จ ๐ฏ๐š๐ฅ๐ข๐๐š๐ญ๐ž ๐š ๐ฉ๐š๐ฌ๐ฌ๐ฐ๐จ๐ซ๐?
To validate a password, it can go through the following process:
1๏ธโƒฃ A client enters the password.
6/ 2๏ธโƒฃ The system fetches the corresponding salt from the database.
3๏ธโƒฃ The system appends the salt to the password and hashes it. Letโ€™s call the hashed value H1.
4๏ธโƒฃ The system compares H1 and H2 (H2 is the hash stored in the database). If they are the same, the password is valid
7/ Over to you: what other mechanisms can we use to ensure password safety?
8/ If you found this thread helpful, follow me @alexxubyte for more.

Retweet the first tweet to help more people to learn system design.


