Introduction
I have a good soup cooking and add some salt¹ to make the flavor more pleasant. If the password is **always the same soup** and I add salt to it, can I be sure to get something safer? And if other hungry and eager people are after that soup, is it fair that they can taste it, take a sample to analyze the result, and transcribe Grandma's secret recipe?
Are my chats, my correspondence, my secrets safe?
I don't think you can rest easy. You shouldn't trust claims like:
- Passwords are encrypted, maximum security.
- Cloud data is secure.
- Communications are encrypted with end-to-end technology.
A backdoor for the service provider or for the state is always possible.
Yes, but… even worse, the EU wants to pass legislation that plans to stick its nose everywhere: Chat Control.
A dedicated site has been set up, Fight Chat Control, where you can indignantly write to your country's leading politicians and see in real time the map of the states that are in favor of, opposed to, or undecided on the Chat Control proposal.
We will return to the origins of traditional mail, bagged and sealed. Article 616 of the Criminal Code punishes anyone who learns the contents of closed correspondence not addressed to him, or who takes or diverts correspondence, closed or open, not addressed to him, in order to read it or make it known to others, or who destroys or suppresses it in whole or in part.
The paradox is that correspondence is more protected than any digital message.
Old-style secret notes: content caught between personal carelessness, nosy hackers and regulation
Since the world began there has been the practice of exchanging code words so that secret agents can recognize each other. Give yourself a break from reading and watch the video, if you are one of us 🤪.
From the movie Totò of Arabia: the bullfighting misunderstanding.
We humans are among the laziest and least secure password generators. How many people have used these as personal secrets: password, 12345678, qwerty123, and so on?
There is a subtle perversion that limits the spread of asymmetric cryptography tied to specific tokens, presumably justified by the fact that a password is something generated by a person and is part of his or her heritage, making it identifiable for legal and/or political reasons.
Our mobile phones collect a huge amount of personal data: every call, message, browsing session or interaction with an app generates information on location, contacts and habits and, if you use biometric recognition, even sensitive data such as fingerprints or your face. This data can end up on third-party servers, often for advertising or analytics purposes, without the user being fully aware of it.
And what happens if they seize a cell phone legally?
News of August 22, 2025. Source: Fourth Amendment Victory: Michigan Supreme Court Reins in Digital Device Fishing Expedition (EFF article). The article describes a case where the court recognised the right of citizens to oppose indiscriminate access to digital data. In practice, the investigating authority sought access to content on the device without demonstrating any concrete link between that data and the activities under investigation. Such an approach is likely to turn an authorisation to access specific content into a de facto licence to examine the entire device, opening the door to a massive collection of information covering virtually the entire private life of a person.
Our EU, with the Chat Control system, could brutally access all our personal data, even if we have not committed any crime or are suspected of one!
Let us not forget the case of the British independent journalist Richard Medhurst, who risks rewriting the history of press freedom in the UK. To protect his sources, the journalist did not hand over the passwords to mobile phones storing sensitive data that could compromise them.
Cryptography Scares
Specialized companies unlock phones for digital forensic investigations, such as the Israeli Cellebrite and MSAB's XRY.
Strong algorithms and encryption systems are scary.
In the 1990s, the U.S. government considered strong encryption a possible threat to national security and banned the export of software with keys exceeding 40 bits. When Phil Zimmermann released PGP (Pretty Good Privacy), an e-mail encryption program, the authorities accused him of violating these rules. To circumvent the ban, activists and researchers began printing the source code on paper and distributing it physically, proving that knowledge cannot be stopped by digital barriers. In time the laws loosened, but the paper copy remained a symbol of resistance and of the protection of privacy against government restrictions.
Cloud Master Decryption Key
Before you adopt a cloud service, you need to ask whether there is a master key that allows the provider to decrypt your data. In principle, if the policies assign responsibility for content, you are owed an adequate answer.
Do you think service providers can access your data in the cloud?
I suggest you read: I'm cloud and you're a stupid.
When I fell in love with bcrypt
Storing passwords encrypted in a computer system is a practice to be condemned, as it exposes users to a high risk of attack and to the possible disclosure of their passwords in the clear. Besides not ensuring that robust passwords are generated, many utilities send the password in clear text in their recovery features, making the attacker's job easier.
The correct practice is to adopt a cryptographic hashing algorithm from which it is infeasible to recover the original password. The reader should know that a company like Adobe slipped on a banana peel in 2013, making credential stuffing² easy against about 130 million passwords, because these had been encrypted instead of hashed. Source
I was struck by bcrypt: a different salt each time, and several hash results that are all different yet all correct.
#!/usr/bin/env python3
import bcrypt
import time
passwd = "password".encode('utf-8') # Convert the password to bytes
start = time.time()
salt = bcrypt.gensalt(rounds=10) # Generate a fresh random salt (cost factor 10)
hashed = bcrypt.hashpw(passwd, salt) # Hash the password with that salt
end = time.time()
print("Time taken:", end - start)
print("Salt:", salt)
print("Hashed:", hashed)
# Print the info as UTF-8 strings
print(f"Actual Password: {passwd.decode('utf-8')}")
print(f"Hashed Password: {hashed.decode('utf-8')}")
Example of result:
- Time taken: 0.07086873054504395
- Salt: b'$2b$10$dwOCwMmr3OlN9O6ePVDuFe'
- Hashed: b'$2b$10$dwOCwMmr3OlN9O6ePVDuFePfaDt5KNtXQZCFZ3UhVakHZLhMyniO2'
- Actual Password: password
- Hashed Password: $2b$10$dwOCwMmr3OlN9O6ePVDuFePfaDt5KNtXQZCFZ3UhVakHZLhMyniO2
You can check the result online: copy the Hashed Password and enter "password" at the link.
You shouldn't fall in love with algorithms: bcrypt was presented in 1999 and is still valid, but the growth in graphics card power has made GPU-based attacks against it practical, weakening its robustness.
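To make the salt point concrete, here is an added example (not the post's code): it uses only the Python standard library, with PBKDF2-HMAC-SHA256 standing in for bcrypt so it runs without extra packages. The `pbkdf2_sha256$iterations$salt$digest` storage format, modelled on bcrypt's self-describing `$2b$10$...` string, and the 600,000 iteration count are my own choices.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2 cost parameter; assumed value for this demo


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$digest' (salt/digest base64).
    Like bcrypt's '$2b$10$<salt><hash>', the string carries its own salt and cost."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per hash, like bcrypt.gensalt()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and cost embedded in the stored string,
    then compare in constant time to avoid timing leaks."""
    algo, iterations, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def unsalted_sha256(password: str) -> str:
    """What NOT to do: identical passwords give identical digests,
    so one precomputed (rainbow) table cracks every such user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    # Constructed sample: two users who both chose the page's example password.
    users = {"alice": "password", "bob": "password"}
    salted = {u: hash_password(p) for u, p in users.items()}
    unsalted = {u: unsalted_sha256(p) for u, p in users.items()}
    return {
        "salted_differ": salted["alice"] != salted["bob"],      # True
        "unsalted_equal": unsalted["alice"] == unsalted["bob"],  # True: rainbow-table fodder
        "both_verify": all(verify_password(users[u], salted[u]) for u in users),
        "wrong_rejected": not verify_password("Password", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```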
When I realized that you never stop falling in love
The Password Hashing Competition (PHC) was a global competition that collected and evaluated proposals for password hashing functions, with the aim of improving the security of online credentials. Its best known result is Argon2, which is now widely recommended and used as the reference algorithm for password protection.
You can hash a password online with the Argon2 algorithm at the link.
When computing power goes quantum, we all run towards lattices
The aim of the Open Quantum Safe (OQS) project is to support the transition to encryption that resists quantum computers. Algorithm libraries are already in development; among them, liboqs is one of the reference choices for those who want to prepare their applications for the coming era of quantum computers.
Conclusion, are your data safe?
So after all this long sermon, did you get the idea? Is your data safe? Even if someone holds your data today without being able to read it, that does not rule out that in the future they will be able to decrypt it, once technology and computing power are no longer an obstacle. Therefore, you must never let your guard down.
What does salt represent? In computing, the salt is a random value that is added to a password before hashing it. This makes it harder for an attacker to use precomputed tables (rainbow tables). ↩︎
Credential stuffing is an attack technique in which attackers exploit large lists of usernames and passwords stolen in a previous breach to attempt to log in to other online services. ↩︎
