Wednesday, 30 December 2015

How to Fix a Quiet Online Store

Causes of and Fixes for a Quiet Online Store

As a former online store owner, I have of course experienced a store with no buyers, and that is what eventually forced me to rack my brain for a way to solve the problem.

Although I cannot yet call myself a successful online store owner, thankfully the store I built once received more than 1000 visitors per day with a conversion rate of 0.1 - 1%, so I was handling orders from buyers almost every day.

That result did not come instantly; it took a fairly long process, and I needed at least 2 months to get there.

Through this article I want to share my personal experience in dealing with an online store that has few buyers.

First I need to explain that a quiet online store can have several causes. In other words, the reason store A is quiet will not be the same as the reason store B is quiet, and the solution will also differ depending on the cause.


1. Online Store Pages That Load Too Slowly


It sounds trivial, but make no mistake: a problem like this is precisely the main reason visitors cannot be bothered to visit your online store a second time.

The causes of a slow-loading online store website vary widely, but the most common are using too many scripts and installing assorted plugins that end up burdening the server and the page load. It can also be caused by a poorly chosen server location.


Solution / How to Fix It

As far as possible, avoid using scripts from outside the site (imported scripts). An individual script may be small, since on average they range from only 10 KB - 100 KB, but used in large numbers they will make the page load heavier and heavier. As far as possible, also use a local server with a data center located in Indonesia if your target market is local customers.


2. Limited Payment Accounts


Whether you realize it or not, limited payment methods, for example accepting payment through only 1 bank account, are one of the causes of a quiet online store, because the transaction fee will be borne by the buyer.

A transaction fee, which generally ranges from Rp 5000 - 15000, may not matter much to those buying expensive goods such as smartphones, but what if they are buying something that is not very expensive, or even cheap? A fee of 5000 will certainly feel very burdensome.


Solution / How to Fix It

I am sure you already know the solution to a problem like this. One option is to open accounts at more banks, both private and state-owned. If you do not want the hassle, there is actually an easier way, which is to bear the fee for every transaction yourself, but you must be prepared to take a loss, or at least to have your profit cut to cover the fee.


3. Lack of Buyer Trust


If this is the problem, I can say it is a complex one, because a lack of buyer trust can be caused by many things, such as:


  • The online store website looks unprofessional
  • Using a free domain
  • Not providing a contact number

And there are many other causes, such as the absence of testimonials from buyers, which would actually go a long way toward convincing buyers to transact with you.


Solution / How to Fix It

This is easy to fix, because all you need to do is change the store's appearance slightly to make it more professional by adding a contact number. It is far better still if you switch the domain extension from a free one to a paid one, whether dot com, web id or dot id.


4. Promotion That Falls Short


If you do not understand SEO well, do not expect buyers to come on their own, because that is like daydreaming. But you need not worry either, because there are many other channels we can use to get visitors.

The channels I mean are social media such as Facebook, Twitter or Instagram. Those three seem more than enough to bring a thousand visits to your online store every day.

Note too that online marketing does not always turn out to be profitable, so you should first read about the advantages and disadvantages of online marketing before deciding to go into online business.


Solution / How to Fix It

Note that there is promotional etiquette you should follow when promoting on social media. The first rule is to avoid using a Facebook profile account for promotion, because the best promotion uses a Facebook fanpage account. The second rule is not to tag people indiscriminately, because it will only give prospective customers a bad impression. For more, please study how to promote online effectively.


5. Never Offering Promos


If there are two items of the same quality but with different prices, because one has a promo and the other does not, then clearly most people will choose the item with the promo; even rich people will (probably) choose it too.

A promo does not have to be a discount that leaves you making up the difference ('tombok') to recover your capital. So the safest way to run a promo is to offer it on bundle purchases, for example a special price if the customer buys product A and product B together.


Solution / How to Fix It

"Pamper the customer" is the phrase you must hold on to in order to earn customer loyalty. Offering promos is one of the fastest ways to earn customer loyalty, and at the same time the most effective way to bring many visitors to your online store.


6. Poor Keyword Targeting


A quiet online store can also be caused by mistakes in keyword targeting. No matter how hard you try, if the keywords you target are short keywords with high competition, then with a heavy heart I must say that the store is (almost) certain to get no visitors from search engines.

Some examples of short keywords you should avoid are "jual baju" (clothes for sale), "jual handphone" (mobile phones for sale), "jual laptop" (laptops for sale) and many more similar keywords that you should not force to rank first, because that is almost impossible to achieve.


Solution / How to Fix It

The smartest solution is to lengthen the keyword, also known as a longtail keyword. For example, if you sell "baju muslim" (Muslim clothing), try a longtail keyword such as "jual baju koko pria/wanita murah dan berkualitas" (cheap, good-quality men's/women's koko shirts for sale). A long keyword gives you more chances to take rank 1, because the keyword variations you provide are very diverse.

For those of you who do not yet have an online store but want to go into online business, please read the guide How to Build an Online Store.


* I wrote that tutorial step by step in simple language, so I think it will be very easy for anyone to follow, even a complete beginner.

Those are some ways to fix a quiet online store. As I said above, the problems behind / causes of a quiet online store vary widely. If your store's problem is not too complex, then the six solutions I have given above will certainly be able to solve it. You can also read Success Stories of Young Online Entrepreneurs from Indonesia for extra motivation to succeed in the online shop business.

 

How to Make a Game with Intel XDK Microsoft Windows


Intel XDK is a free piece of software or application from Microsoft that you can use to make HTML5-based games. A quick note for those who do not yet know what HTML5 is: in short, HTML5 is a language used to build web pages and web-based applications.

As we all know, almost every operating system in the world already supports HTML5, whether Android, iOS, Windows Phone or Blackberry; even Symbian can read HTML5. This means we only need to develop 1 game and then convert it to various extensions. It can go to .apk, .sis or .jar. As the saying goes, one stroke of the oar passes two or three islands.

Back to the topic. As the title says, here I will share a little information on how to make a game with a free game-making application, and that application is Intel XDK.

What is interesting about Intel XDK is that it is multi-platform, meaning it is available not only for Windows but also for other operating systems such as Apple OS X or Linux.

For those curious about Intel XDK's features, here are some of the features in this application:


  • App Preview Crosswalk
  • App Designer
  • App Starter

Now that we know the features in Intel XDK, it is time to get into the game-making process.

How to Make a Game


First make sure you have downloaded the Intel XDK application; if you have not, download it first. It is not very large, only about 100 MB, which is smaller than other game-making applications.

  1. Install and Open Intel XDK

    How to Make a Game (Figure: 1)

    The first step, of course, is to install the application.

  2. Create a New Object

    How to Make a Game (Figure: 2)

    Create a new object by clicking Create a New Object.

  3. Choose a Demo from the Library

    How to Make a Game (Figure: 3)

    There are many example applications and games you can try, for instance the standard 'Hello World' application. Or, if you want a standard game, you can visit https://software.intel.com/en-us/html5/articles/flood-puzzle-game to download the source code of a puzzle game.

  4. Edit the HTML5 Code with Bracket

    How to Make a Game (Figure: 4)

    This is where your command of HTML5 is put to the test. If HTML5 is still unfamiliar to you, I suggest learning it first before using this application; there are many free sites that teach the basics of HTML5.

  5. Simulate the Application You Made

    How to Make a Game (Figure: 5)

    What I like about Intel XDK is that we can immediately try out the application we just made, so there is no need to install an emulator or the like, because Intel XDK already provides a Demo App feature.

The way to make your own game that I explained above is only the basics, meaning I did not go into the coding process here, because frankly I have not yet mastered HTML5, JavaScript and the like either. In other words, this article only explains how to make a game by using the source code of an existing game; after that, please edit that finished game yourself.

I think that is enough for now. Finally, thank you very much for taking the time to read my article on How to Make a Game with Intel XDK Microsoft Windows.

How to Learn Basic Computing for Beginners

How to Learn Basic Computing for Beginners for Free

Learning basic computing can be considered the core learning you must master before you decide to study computer topics at an advanced level. Yet we are often left confused when we want to learn about computers, because there are very few blogs willing to cover how to learn computing from basic to advanced level; where they exist, they usually charge a certain price, in other words they do not share that knowledge for free.

For that reason, here I will try to share what I know about computers, for free, for those of you who really are beginners. Yes, the tutorial I share below is free, with no need to pay anything; if you find it useful, I will not object if you share this article with your friends on social media.

Back to the topic. As the title says, the computer tutorial I am giving here really does start from the basics, and I made it especially for beginners who want to learn about computers. The material is listed below.


  1. An Easy Way to Open Blocked Sites
  2. Computer Shortcuts You Must Know
  3. A Collection of Command Prompt Commands
  4. A Collection of Basic Run Commands

Feel free to read only the parts you think are worth reading, hehe. What is clear is that all four topics above are truly basic, so I am sure you will not be confused when reading them. So let us go straight to the first topic.


An Easy Way to Open Blocked Sites


Opening a website that is blocked, whether by the operator or by Kominfo, is actually quite easy: you can use a feature of the Opera browser, namely Opera Turbo.

Using Opera Turbo is very easy. First open your Opera browser, whatever the version, then tick the Enable Opera Turbo option; see the image below to make it clearer.


Learning Computers: How to Open Blocked Sites

From here I am sure that when you browse you will no longer be bothered by Internet Positif from Nawala and the like appearing. But make sure you use this method wisely.


Computer Shortcuts You Must Know


The shortcuts I am sharing are basic, so it is very important that you master them so you can work faster and more effectively. Oh, and the shortcuts I mean here are the ones used when we are inside the folder menu, whether on Local Disk C or Local Disk D.

Ctrl + A = (All) Select all files
Ctrl + C = (Copy) Copy a file
Ctrl + N = (New) Open the same library in a new page
Ctrl + R = (Right) Right-align the selected text
Ctrl + V = (Paste) Show the file that has been copied or cut
Ctrl + W = (Wrap) Close the library we currently have open
Ctrl + X = (Cut) Used to move a file or folder
Ctrl + Y = (Redo/Repeat) Return to a command that was cancelled
Ctrl + Z = (Undo) Cancel the previous command

Bonus Shortcuts

F2 : (Rename) Rename a file or folder
CTRL + Shift + N : (New Folder) Create a new folder

Those are the basic computer shortcuts I use most often. The shortcuts above work the same in a number of applications, except for the Bonus Shortcuts, which only work when we are inside a Library.


A Collection of Command Prompt Commands


There are many ways to open Command Prompt; the easiest is to open it through Apps (for Windows 8 users).

A computer beginner like me would of course not know which commands can be typed into Command Prompt. After searching around Google I finally found an English blog that covers the commands available in Command Prompt. Here is the full list of commands.


break : Enables or disables the CTRL + C feature
chcp : Supplements international keyboard and character set information
diskcopy : Copies the contents of a disk (whether disk C or disk D)
doskey : Used to view commands that have been run in the past
dosshell : A GUI to help early MS-DOS users
drivparm : Allows overwriting of the original device driver
extract : Extracts a file in zip format
fasthelp : Displays a list of MS-DOS commands
fdisk : Creates partitions on a hard disk drive
keyb : Changes the keyboard layout
lock : Locks the hard disk drive
mkdir : Command to create a new directory
msav : Runs a virus scan on your computer
ping : Tests the internet connection
prompt : Views and changes the MS-DOS prompt
rd : Removes an empty directory on the computer
scandisk : Scans disk C or disk D
shutdown : Shuts down the computer from the MS-DOS prompt
tree : Shows a visual layout of the hard disk drive
taskkill : Closes applications that are still running

Above are the important commands available in Command Prompt that are worth learning. Besides Command Prompt, there are also Run commands, which we will cover below.


A Collection of Basic Run Commands


Opening the Run feature in Windows is very easy: just press Win + R and a small window labelled Run will open in the bottom right corner, as in the image below.

Learning Basic Run Commands

If this is your first time opening this feature you will surely be confused and wonder what can be done with Run. You can find the answer by trying the Run commands below.


dxdiag : View the computer's specs
hdwwiz.cpl : Add Hardware Wizard
appwiz.cpl : Add / Remove Programs
bootim : Enter Startup Options
sdclt : Backup and Restore utility
fsquirt : Bluetooth Transfer Wizard
calc : Open Calculator
cmd : Open Command Prompt
switch : Connect to a projector display
dfrg.msc : Defragment the disk
fontview : View fonts
joy : Configure the joystick
iexplore : Open Internet Explorer (Win8)
ipconfig : Configure IP settings
main.cpl : Configure keyboard commands
taskkill : Close running applications
lpksetup : View Windows language packs
notepad : Open Notepad
perfmon : Configure the Performance Monitor
regedit : Edit the registry
explorer : Open Windows Explorer
wmplayer : Open Windows Media Player

I think that is enough on learning basic computing. After reading, do not forget to put it into practice, so that it is easier to retain what you have just learned.

Undergraduate Theses from the Department of Educational Psychology and Guidance

Example Undergraduate and Master's Thesis Titles in Education

A skripsi (undergraduate thesis) is one of the academic works a student must write as one of the requirements for a bachelor's degree. At the S2 (master's) level, students must write an academic work called a tesis (master's thesis).

As reference material for finding education skripsi or tesis titles, I, the admin of belajarpsikologi.com, will share education skripsi titles (PTK and others).

This time there are several education skripsi titles of the PTK (Penelitian Tindakan Kelas, classroom action research) type. This PTK type is indeed widely sought after and popular among students as well as educators, as one of the requirements for promotion.


Below are example education skripsi and tesis titles that I took from the UNY campus. I personally hope and urge readers to use them properly. Please do not misuse them for personal gain. Greetings in education!!

Example Education Skripsi (PTK) and Tesis Titles

Example Skripsi Titles: Department of Educational Psychology and Guidance


Ade, Syarifah (2013) UPAYA PENINGKATAN KEPERCAYAAN DIRI MELALUI METODE EXPERIENTIAL LEARNING PADA SISWA KELAS X KAYU A SMK NEGERI 1 KALASAN.
Argo , Yulan Indrajat (2013) PENINGKATAN PERCAYA DIRI MELALUI METODE JOURNAL WRITING PADA SISWA KELAS XI SMK N 1 DEPOK.
Arisatun , Manfangati (2013) HAMBATAN DAN STRATEGI PENYELESAIAN PEKERJAAN RUMAH (PR) PADA SISWA KELAS VIII DI SMP NEGERI 1 KARANGREJA TAHUN AJARAN 2012/2013.
Asih , Fitriani (2013) PERILAKU AGRESIF ANAK ASUH (Studi Kasus Pada Remaja di Panti Asuhan Islam Ibadah Bunda Yogyakarta).
Asih , Novianti (2013) KEMATANGAN KARIR SISWA KELAS XI SMA N 10 YOGYAKARTA DITINJAU DARI POLA ASUH ORANG TUA.
Cahyu , Astriwi (2013) EVALUASI PELAKSANAAN BIMBINGAN PRA-NIKAH DI KANTOR URUSAN AGAMA KECAMATAN MINGGIR SLEMAN.
Dini Dwi , Permatasari (2013) FENOMENA CYBERBULLYING PADA SISWA SMA (LIMA SMA DI KOTA YOGYAKARTA).
Diyah , Kurniasih (2013) STRES DAN STRATEGI COPING LANSIA PENSIUNAN PEGAWAI NEGERI SIPIL (PNS) DI KECAMATAN POLANHARJO KABUPATEN KLATEN.
Edwin , Triyanto (2013) PENINGKATAN PENERIMAAN DIRI MELALUI METODE CERITA PADA ANAK PANTI ASUHAN DARUL YATAMA SLEMAN YOGYAKARTA.
Endah Widya , Prawesti (2013) KONSEP DIRI MAHASISWA PELAKU SEKS BEBAS.
Evy , Verdiawati (2013) HUBUNGAN ASERTIVITAS DENGAN PROKRASTINASI AKADEMIK PADA SISWA KELAS VIII DI SMP NEGERI 1 KOTA MUNGKID, MAGELANG.
Firla , Dyah Lutvitasari (2013) PENGEMBANGAN MULTIMEDIA INTERAKTIF TENTANG KECERDASAN INTERPERSONAL DALAM LAYANAN BIMBINGAN PRIBADI SOSIAL PADA SISWA KELAS VIII DI SMP NEGERI 1 MLATI.
Hilda , Melyza Hanum (2013) PENGEMBANGAN INVENTORI KECERDASAN SOSIAL PADA SISWA SMA.
Ihsanuddin , Rifai (2013) HUBUNGAN ANTARA LOCUS OF CONTROL INTERNAL DENGAN KEMATANGAN KARIR PADA SISWA KELAS XI DI SMK MUHAMMADIYAH 1 WATES TAHUN PELAJARAN 2012/2013.
Iis Kukuh , Prasetyo (2013) UPAYA PENINGKATAN KEPERCAYAAN DIRI MELALUI METODE BERMAIN PERAN (ROLE PLAYING) PADA SISWA KELAS VIIID DI SMP N 3 MANISRENGGO.
Ikmal , Hafiz Akhadi (2013) PERILAKU SEKSUAL ANAK JALANAN DI RUMAH SINGGAH DAN BELAJAR (RSB) DIPONEGORO TAHUN 2012.
Laely Eri , Pratiwi (2013) HUBUNGAN ANTARA KEMATANGAN EMOSI DENGAN IMPULSIVE BUYING PADA REMAJA.
Lusi , Andriyani (2013) PENINGKATAN KESADARAN ANTI-BULLYING MELALUI TEKNIK SOSIODRAMA PADA SISWA KELAS XI SMA MUHAMMADIYAH 1 MUNTILAN.
Natalia , Putri Sejati (2013) HUBUNGAN ANTARA EFIKASI DIRI DENGAN PERILAKU PROKRASTINASI AKADEMIK PADA MAHASISWA BIMBINGAN DAN KONSELING ANGKATAN 2010 UNIVERSITAS NEGERI YOGYAKARTA.
Nindya , Wijayanti (2013) STRATEGI COPING MENGHADAPI STRES DALAM PENYUSUNAN TUGAS AKHIR SKRIPSI PADA MAHASISWA PROGRAM S1 FAKULTAS ILMU PENDIDIKAN.
Nisa , Adika (2013) HUBUNGAN ANTARA LOCUS OF CONTROL DAN MORAL REASONING DENGAN PERILAKU MENCONTEK PADA SISWA SMA NEGERI 1 WONOGIRI.
Nurul , Rintakawati (2013) PENGEMBANGAN INVENTORI KESIAPAN KERJA SISWA SEKOLAH MENENGAH KEJURUAN JURUSAN AKUNTANSI.
Otia , Nilamayta (2013) IDENTIFIKASI FAKTOR PENYEBAB DAN DAMPAK PERTENTANGAN ANTARA ANAK DAN ORANG TUA DALAM PEMILIHAN JURUSAN PADA SISWA KELAS XI DI SMA NEGERI 1 SANDEN.
Pandu , Kusumanggoro (2013) HUBUNGAN ANTARA DUKUNGAN SOSIAL DAN ETOS KERJA DENGAN BURNOUT PADA GURU BIMBINGAN DAN KONSELING SEKOLAH MENENGAH ATAS (SMA) DI KABUPATEN BANTUL.
Pramesti , Ayuningtyas (2013) EVALUASI KINERJA KONSELOR DI SEKOLAH MENENGAH PERTAMA (SMP) SE-KABUPATEN BANTUL.
Rifal , Ernandi Nugroho (2013) PENINGKATAN KEMAMPUAN PENGAMBILAN KEPUTUSAN KARIR MELALUI METODE GYROSCOPE PADA SISWA KELAS XII SMA NEGERI 1 CAWAS. Fakultas Ilmu Pendidikan UNY.
Septiana , Army .D (2013) AKULTURASI PSIKOLOGIS MAHASISWA MINANGKABAU TERHADAP BUDAYA YOGYAKARTA.
Tri , Widiyani (2013) PENGEMBANGAN MODUL LAYANAN BIMBINGAN PRIBADI TENTANG KECERDASAN EMOSIONAL UNTUK SISWA KELAS IX SMP N 5 WATES.
Wahyu , Prajawati (2013) SIKAP ORANGTUA TERHADAP ANAKNYA YANG MENYANDANG RETARDASI MENTAL.

Skripsi Titles: Department of Educational Administration


AGUS, SETIAWAN (2012) PENGARUH PENDAPATAN ORANG TUA DAN PRESTASI BELAJAR KOMPETENSI KEAHLIAN ADMINISTRASI PERKANTORAN TERHADAP MINAT MELANJUTKAN STUDI KE PERGURUAN TINGGI SISWA SMK N 7 YOGYAKARTA TAHUN 2012/2013.
Ardian, Yunaryo (2012) IMPLEMENTASI KURIKULUM TINGKAT SATUAN PENDIDIKAN DI SEKOLAH DASAR MASJID SYUHADA’ YOGYAKARTA.
Aris, Suharyadi (2012) IMPLEMENTASI E-LEARNING DI FAKULTAS ILMU PENDIDIKAN UNIVERSITAS NEGERI YOGYAKARTA.
Danu Cahyo , Seputro (2012) PERSEPSI KEPALA SEKOLAH TERHADAP TUGAS POKOK DAN FUNGSI (TUPOKSI) KEPALA SEKOLAH DI SEKOLAH DASAR NEGERI SE–UPT WILAYAH YOGYAKARTA UTARA.
Faisal, Hariadi (2012) KUALITAS PELAYANAN SIRKULASI PERPUSTAKAAN DI UNIT PELAKSANA TEKNIS PERPUSTAKAAN UNIVERSITAS NEGERI YOGYAKARTA TAHUN 2012.
Guntur , Gunawan (2012) PERSEPSI GURU TERHADAP SUPERVISI PENGAWAS DALAM MENINGKATKAN KOMPETENSI PROFESIONALNYA DI SMA NEGERI SE-POKJA 3 KABUPATEN SLEMAN.
Mei, Hidayati (2012) PENGELOLAAN DANA BANTUAN OPERASIONAL SEKOLAH (BOS) DI SMP NEGERI 1 TURI KABUPATEN SLEMAN TAHUN 2011.
Pamuji, Triyono (2012) MANAJEMEN PENYELENGGARAAN PROGRAM KEAHLIAN TATA BOGA SEKOLAH MENENGAH KEJURUAN NEGERI 1 KALASAN.
SITI HARDYANTI, PATIMAH (2012) PENGELOLAAN PERPUSTAKAAN SEKOLAH DI SEKOLAH DASAR NEGERI SE-KECAMATAN NANGGULAN KABUPATEN KULON PROGO.
Sandy Bangkit, Laksono (2012) PERSEPSI DAN HARAPAN ORANG TUA TERHADAP SEKOLAH MENENGAH ATAS NEGERI 1 KALASAN SEBAGAI RINTISAN SEKOLAH BERTARAF INTERNASIONAL.
Tiara , Puspitarini (2012) MANAJEMEN PEMBINAAN KURIKULER PESERTA DIDIK DI SEKOLAH INKLUSI SD NEGERI GEJAYAN TAHUN AJARAN 2011/2012.
Widiastuti, Widiastuti (2012) PERSEPSI GURU SD PASCA SERTIFIKASI TERHADAP KETERAMPILAN KEPEMIMPINAN KEPALA SEKOLAH DALAM PEMBINAAN KINERJA GURU SEKECAMATAN KRETEK KABUPATEN BANTUL.
Yuni , Ratnawati (2012) KOMPETENSI PEDAGOGIK GURU SEKOLAH DASAR SE KECAMATAN KRETEK KABUPATEN BANTUL.

Example Skripsi Titles: Department of Philosophy and Sociology of Education


AMIN, AMIN (2012) PENERAPAN KEBIJAKAN PENDIDIKAN KARAKTER DALAM MENINGKATKAN PRESTASI BELAJAR SISWA DI SDN BABARSARI DEPOK SLEMAN YOGYAKARTA.
Berti , Widuri (2012) IMPLEMENTASI KEBIJAKAN PEMUDA SARJANA PENGGERAK PEMBANGUNAN DI PEDESAAN (PSP3) DI PROVINSI DAERAH ISTIMEWA YOGYAKARTA.
Dodi Ardi , Kurniadi (2012) PELAKSANAAN PROGRAM EVALUASI DIRI SEKOLAH (EDS) DI SMP NEGERI 2 TEMPEL.
EVI ROVIKOH, INDAH SAPUTRI (2012) DINAMIKA KULTUR DALAM KEHIDUPAN SEKOLAH DENGAN STATUS RINTISAN BERTARAF INTERNASIONAL DI SMP 2 BREBES.
Ferdinand, B Tokan (2012) PARTISIPASI WARGA SEKOLAH DALAM PELAKSANAAN PROGRAM PENDIDIKAN INKLUSIF DI SD NEGERI GEJAYAN.
Ichda Satria Figraha , Arrozy (2012) UPAYA PENINGKATAN SIKAP ASERTIF MELALUI SOSIODRAMA PADA SISWA KELAS X.1 ADMINISTRASI PERKANTORAN SMK SUDIRMAN 1 WONOGIRI TAHUN AJARAN 2011/2012.
Ina , Maulida (2012) PERSEPSI SISWA TERHADAP IMPLEMENTASI SISTEM MANAJEMEN MUTU ISO 9001:2008 DI SMK MUHAMMADIYAH 3 YOGYAKARTA.
Juni , Triwahyu (2012) GAMBARAN BUDAYA SEKOLAH PADA RINTISAN SEKOLAH DASAR BERTARAF INTERNASIONAL DI SD NEGERI 4 WATES KULON PROGO.
RETNO SETYA, PUTRI (2012) PARTISIPASI MASYARAKAT DALAM PROSES KEBIJAKAN MUTU SEKOLAH DI SD KANISIUS KADIROJO KALASAN.
Rani , Widiowati (2012) KEBIJAKAN REGROUPING DAN RESILIENSI SEKOLAH PASCA ERUPSI MERAPI DI SD NEGERI UMBULHARJO 2.
Redi , Susanto (2012) EFEKTIVITAS PROGRAM SEKOLAH PENYELENGGARA PENDIDIKAN INKLUSIF DI SDN GIWANGAN.
Sony Ferry , Andiyansyah (2012) IMPLEMENTASI KEBIJAKAN SEKOLAH TERBUKA DI SMP TERBUKA KANDANGHAUR INDRAMAYU JAWA BARAT.

Example Skripsi Titles: Departments of PGSD, PAUD and PGTK


Aini, Ulya Nurul (2013) IMPLEMENTASI PENDIDIKAN KARAKTER DI SD NEGERI KRATON YOGYAKARTA.
Airin Setyarini, (2013) UPAYA MENINGKATKAN PERHATIAN SISWA MELALUI METODE BERCERITA DENGAN MEDIA WAYANG ANGKREK PADA SISWA KELOMPOK B2 TK ASSA’ADAH BALEDONO PURWOREJO.
Aisyah Umi Lathifah, (2013) HUBUNGAN ANTARA KOMPETENSI PROFESIONAL DENGAN KINERJA GURU DI TAMAN KANAK-KANAK SE-KECAMATAN SEMPOR KABUPATEN KEBUMEN.
Amirudin, – (2013) PENGARUH STRATEGI PEMBELAJARAN AKTIF KREATIF EFEKTIF DAN MENYENANGKAN (PAKEM) TERHADAP MOTIVASI DAN HASIL BELAJAR ILMU PENGETAHUAN ALAM (IPA) SISWA KELAS V SD SE GUGUS 3 KARANGSARI PENGASIH KULON PROGO.
Apriani , Purwanti (2013) PENINGKATAN KECERDASAN INTRAPERSONAL ANAK MELALUI KEGIATAN BERCERITA MENGGUNAKAN MEDIA GAMBAR PADA KELOMPOK A DI TK PKK 21 KRANDOHAN SEWON BANTUL.
Ariyanti, Zeni Dwi (2013) PENGGUNAAN SEDOTAN SEBAGAI MEDIA PEMBELAJARAN UNTUK MENINGKATKAN PRESTASI BELAJAR MATEMATIKA MATERI POKOK PENJUMLAHAN DAN PENGURANGAN BILANGAN CACAH PADA SISWA KELAS 1 SD N SANGGRAHAN, BENDUNGAN, WATES, KULON PROGO.
Arosy, Yuwanita Nur Konsul (2013) PENINGKATAN HASIL BELAJAR MATEMATIKA MELALUI PEMBELAJARAN KOOPERATIF TIPE NUMBERED HEADS TOGETHER (NHT) PADA SISWA KELAS V SD NEGERI KEBONSARI BOROBUDUR MAGELANG.
Asri Yudi , Arti (2013) MENINGKATKAN KETERAMPILAN MOTORIK KASAR ANAK KELOMPOK A MELALUI PERMAINAN KUDA BISIK DI TK ABA GEDONGKUNING YOGYAKARTA.
Asroviyatun, (2013) PENINGKATAN KEMAMPUAN SOSIAL MELALUI PERMAINAN KECIL TANPA ALAT PADA ANAK KELOMPOK A TK ABA PAJANGAN BERBAH SLEMAN YOGYAKARTA.
Astria, Citra Nungky (2013) UPAYA MENINGKATKAN KEMAMPUAN MEMAINKAN DRAMA MELALUI PENDEKATAN PAKEM DI KELAS V SD KASIHAN BANTUL TAHUN AJARAN 2012/2013.
Astuti, Desi Dwi Nur (2013) PENINGKATAN HASIL BELAJAR MATEMATIKA MELALUI PENDIDIKAN MATEMATIKA REALISTIK (PMR) SISWA KELAS VI SD NEGERI JATISARI KECAMATAN MLATI KABUPATEN SLEMAN.
Atika Nurjannah, (2013) PENGARUH PENGGUNAAN METODE PROYEK DALAM PENGENALAN SAINS TERHADAP PERKEMBANGAN KEMAMPUAN KOGNITIF ANAK KELOMPOK B TK AISYAH BUSTANUL ATHFAL BLUNYAHGEDE SINDUADI MLATI SLEMAN.
Basuki, Makmun (2013) MENINGKATKAN KEMAMPUAN MENULIS TEGAK BERSAMBUNG MELALUI METODE MENJIPLAK PADA SISWA KELAS II SD BANYUDONO 4 DUKUN MAGELANG.
Berty Ivanintyas , Cahyaningrum (2013) UPAYA MENGEMBANGKAN KECERDASAN INTERPERSONAL MELALUI PERMAINAN SOSIODRAMA PADA ANAK KELOMPOK A DI TK MASYITHOH TEMANGGUNG KABUPATEN GUNUNGKIDUL.
Chodariyah, Dwi Enik Nuzul (2013) MENINGKATKAN KETERAMPILAN MENGGUNAKAN EYD MELALUI PEMBELAJARAN KOOPERATIF TIPE BERTUKAR PASANGAN.
Cilik Damaryani, (2013) PENINGKATAN KETERAMPILAN PROSES SAINS MELALUI PENDEKATAN OPEN INQUIRY PADA ANAK KELOMPOK B DI TK PERTIWI 54 TERUMAN, BANTUL.
Dwiuntari, Vita (2013) PENERAPAN PENDEKATAN QUANTUM TEACHING DALAM PEMBELAJARAN IPA UNTUK MENINGKATKAN PENGUASAAN KONSEP SISWA KELAS IV SD NEGERI KEJAMBON 2.
Endang , Sulistyani (2013) PENINGKATAN PEMAHAMAN KONSEP BILANGAN MENGGUNAKAN PERMAINAN KARTU ANGKA DI KELAS A TK PKK 19 BONGGALAN SRIGADING,SANDEN, BANTUL,YOGYAKARTA.
Eni Ernawati, (2013) Meningkatkan Keterampilan Mengucapkan Kata Benda Melalui Media Benda Hidup Di KB Harapan Bunda, Dusun Kembangsongo Trimulyo Jetis Bantul Yogyakarta.
Ening Opsiyah, (2013) MENGEMBANGKAN KETERAMPILAN BERBICARA ANAK USIA DINI MELALUI MEDIA POWERPOINT PADA ANAK KELOMPOK B2 TAMAN KANAK KANAK AISYIYAH BUSTANUL ATHFAL GENDINGAN YOGYAKARTA.
Eny Fitriana, (2013) UPAYA MENINGKATKAN DISIPLIN PADA ANAK KELOMPOK B TK AISYIYAH BUSTANUL ATHFAL GLUNTUNG PANDAK BANTUL MELALUI METODE BERCERITA.
Erna Wuliastuti, (2013) MENINGKATKAN HASIL BELAJAR SAINS MENGGUNAKAN MEDIA LINGKUNGAN ALAM PADA ANAK KELOMPOK B2 TK AL HIDAYAH TERBAH, PENGASIH, KULON PROGO, YOGYAKARTA.
Ernawati, (2013) PENINGKATAN KETERAMPILAN MOTORIK KASAR MELALUI PERMAINAN KECIL DENGAN ALAT BOLA PADA ANAK KELOMPOK A DI TK ABA PENDEKAN TIRTORAHAYU GALUR KULON PROGO.
Ernawati, Dwi Endah (2013) PENINGKATAN PEMAHAMAN KONSEP MATEMATIKA MATERI BANGUN DATAR SEGIEMPAT MELALUI PENERAPAN TEORI BELAJAR VAN HIELE PADA SISWA KELAS III SD NEGERI CORONGAN DEPOK SLEMAN YOGYAKARTA.
Estika Endriasari, (2013) MENINGKATKAN EMPATI MENGGUNAKAN METODE BERMAIN PERAN PADA ANAK KELOMPOK A3 TK ABA KARANGKAJEN YOGYAKARTA.
Faelina, (2013) PENGENALAN BILANGAN DALAM MENSTIMULASI PERKEMBANGAN KOGNITIF ANAK KELOMPOK A DI TK GUGUS II MAWAR WIROBRAJAN.
Fajaryanti, Mare Asia (2013) IDENTIFIKASI PERMASALAHAN PELAKSANAAN LAYANAN BIMBINGAN DAN KONSELING DI SEKOLAH DASAR MUHAMMADIYAH MUTIHAN WATES KULON PROGO.
Fatmi Lestari, (2013) UPAYA MENINGKATKAN KEMAMPUAN MENGENAL POLA MELALUI MEDIA PAPAN FLANEL PADA ANAK KELOMPOK A DI TK LKMD TROWOLU SUMBERMULYO BAMBANGLIPURO BANTUL DIY.
Fitriana, Shinta (2013) PENINGKATAN PRESTASI BELAJAR SISWA MENGGUNAKAN METODE EKSPERIMEN PADA MATA PELAJARAN IPA MATERI KANDUNGAN GIZI PADA MAKANAN DI KELAS VB SD NEGERI SLEMAN 3.
Fitriani, Nur Farida (2013) PENINGKATAN PRESTASI BELAJAR MATERI PETA MELALUI PENDEKATAN CONTEXTUAL TEACHING AND LEARNING PADA SISWA KELAS IV SD GANDOK BANTUL.
Gerhastuti, Widyana Cahyaning (2013) MENINGKATKAN PEMAHAMAN KONSEP PENGURANGAN PADA PECAHAN MENGGUNAKAN ALAT PERAGA TEROPONG PECAHAN SISWA KELAS IVB SD NEGERI BANGIREJO 1 YOGYAKARTA.
Handani, Dita Febri (2013) MINAT SISWA KELAS III TERHADAP FULL DAY SCHOOL DI SD MUHAMMADIYAH GUNUNGPRING MUNTILAN MAGELANG TAHUN AJARAN 2012/2013.
Heni Listyorini, (2013) MENINGKATKAN KEMAMPUAN KOMUNIKASI ANAK MELALUI BERMAIN PERAN DI KELOMPOK BERMAIN KUNCUP MEKAR GUNUNGSAREN LOR TRIMURTI SRANDAKAN BANTUL.
Hestarini, Rifki (2013) UPAYA MENINGKATKAN PRESTASI BELAJAR MATEMATIKA MELALUI PENERAPAN MODEL PEMBELAJARAN KOOPERATIF TIPE STAD (STUDENT TEAMS-ACHIEVEMENT DIVISIONS)PADA SISWA KELAS V SDN PANDANPURO 2 PAKEM SLEMAN.
Hidayati, Isni (2013) PENINGKATAN KETERAMPILAN MEMBACA PEMAHAMAN MELALUI PENGGUNAAN MEDIA GAMBAR PADA SISWA KELAS IIB SEKOLAH DASAR NEGERI SINDUADI I MLATI KAB. SLEMAN YOGYAKARTA.
Hindayani, Rina (2013) PENGGUNAAN MEDIA KARTU REMI SEBAGAI UPAYA MENINGKATKAN PRESTASI BELAJAR PENJUMLAHAN BILANGAN BULAT SISWA KELAS IV SDN WATES 2 MAGELANG.
ISTIYANI, (2013) MENGEMBANGKAN KEMAMPUAN MOTORIK KASAR MELALUI PERMAINAN MELEMPAR DAN MENANGKAP BOLA KECIL PADA KELOMPOK A DI TK ABA MELIKAN I WEDI KLATEN.
Ina YaniNurAiniy, (2013) PEMBELAJARAN KOMPUTER KELOMPOK B DI TAMAN KANAK-KANAK NEGERI 2 YOGYAKARTA.
Inayati, Farida Faizah (2013) PENINGKATAN KETERAMPILAN MENULIS KARANGAN NARASI MELALUI PEMBELAJARAN KONTEKSTUAL PADA SISWA KELAS V SD NEGERI SUMBER I BERBAH SLEMAN TAHUN AJARAN 2012/2013.
Indah Nurhayati, (2013) PENINGKATAN KEMAMPUAN KOGNITIF MELALUI HANDS ON ACTIVITY SAINS PADA KELOMPOK B DI RA HIDAYATUL QUR’AN MANISRENGGO KLATEN.
Istirahah , Miftahul (2013) PENINGKATAN HASIL BELAJAR IPS MELALUI MODEL PEMBELAJARAN KOOPERATIF TIPE STUDENT TEAMS ACHIEVEMENT DIVISIONS PADA SISWA KELAS IV SD N SUSUKAN KECAMATAN SEYEGAN KABUPATEN SLEMAN.
Juminah, (2013) PENINGKATAN KEMAMPUAN MENGENAL BENTUK GEOMETRI MELALUI PERMAINAN BALOK PADA SISWA KELOMPOK A DI TK ABA MALANGAN SENTOLO KULON PROGO YOGYAKARTA.
Juwati, (2013) PENGEMBANGAN KETERAMPILAN MOTORIK HALUS MELALUI BERMAIN PLAYDOUGH PADA ANAK USIA DINI DI KELOMPOK A1 TK AISYIYAH BUSTANUL ATHFAL NGORO-ORO PATUK GUNUNGKIDUL YOGYAKARTA.
Kadarsih, Nunik (2013) PELAKSANAAN MANAJEMEN SEKOLAH DI SD PIYUNGAN KECAMATAN PIYUNGAN KABUPATEN BANTUL.
Kelara, Pipeh (2013) HUBUNGAN ANTARA KOMUNIKASI ORANG TUA-ANAK DENGAN KEMANDIRIAN BELAJAR PADA SISWA KELAS IV SEKOLAH DASAR SE-GUGUS BERINGIN DI KECAMATAN PRINGSURAT KABUPATEN TEMANGGUNG TAHUN AJARAN 2012/2013.
Kuntari , Dwiana Dyah (2013) UPAYA MENINGKATKAN PRESTASI BELAJAR IPS MELALUI PENDEKATAN LINGKUNGAN ALAM SEKITAR PADASISWA KELAS IV SD N BANDARSEDAYU KECAMATAN WINDUSARI KABUPATEN MAGELANG.
Kusumahati, Titik Rahayu (2013) MENINGKATKAN PRESTASI BELAJAR MATEMATIKA MATERI PERKALIAN PADA BILANGAN CACAH DENGAN MENERAPKAN TEORI BELAJAR BRUNER PADA SISWA KELAS III SD NEGERI KEMANUKAN KABUPATEN PURWOREJO.
Kyky Julianti Setyaningrum, (2013) UPAYA MENGEMBANGKAN KEMAMPUAN MOTORIK HALUS MENGGUNAKAN TEKNIK 3M (MELIPAT, MENGGUNTING DAN MENEMPEL) PADA ANAK KELOMPOK A DI TK ABA KARANG KALASAN.
Larasati, Lisa Kurnia (2013) PENINGKATAN PRESTASI BELAJAR IPS MELALUI METODE SOSIODRAMA PADA SISWA KELAS VA SD NEGERI SIDOMULYO, KEC. SECANG, KAB. MAGELANG.
Maisari, Ika (2013) MENINGKATKAN HASIL BELAJAR IPS MELALUI PEMBELAJARAN KOOPERATIF TIPE NUMBERED HEADS TOGETHER (NHT) PADA SISWA KELAS V SD NEGERI REJODANI NGAGLIK SLEMAN.
Maisaroh, Novi (2013) FAKTOR-FAKTOR YANG MEMPENGARUHI KEMANDIRIAN BELAJAR SISWA KELAS VA SD N PANEMBAHAN TAHUN AJARAN 2012-2013.
Mardikarini, Sasi (2013) PENGUASAAN KOMPETENSI PEDAGOGIK GURU SEKOLAH DASAR SE-GUGUS TAMPOMAS KECAMATAN PAGEDONGAN KABUPATEN BANJARNEGARA.
Marina, Rina Dewi (2013) PENGGUNAAN PETA KONSEP ( CONCEPT MAPPING ) UNTUK MENINGKATKAN PRESTASI BELAJAR SISWA PADA MATA PELAJARAN IPS KELAS V SDN WONOROTO, KECAMATAN WINDUSARI, KABUPATEN MAGELANG.
Marisa, Lutfiana (2013) UPAYA MENINGKATKAN KEAKTIFAN BELAJAR IPA PADA MATERI SIFAT-SIFAT CAHAYA MELALUI PENDEKATAN GUIDED DISCOVERY PADA SISWA KELAS V SD N 1 KARANGDUREN KLATEN.
Marwanti, (2013) MENGEMBANGKAN KETERAMPILAN MOTORIK HALUS MELALUI AKTIVITAS MENGGAMBAR DI TK PEDAGOGIA KELOMPOK A TAHUN AJARAN 2012/2013.
Maryanti, Puji Tri (2013) PENINGKATAN PEMAHAMAN KONSEP IPS MELALUI METODE PETA KONSEP PADA SISWA KELAS IV A SD NEGERI SALAM 01 TAHUN AJARAN 2012/2013.
Monaliza, Kasih Eka (2013) PENINGKATAN KETRAMPILAN MEMBACA PERMULAAN DENGAN MEDIA KARTU KATA UNTUK KELAS I SD NEGERI SRIWEDARI I KECAMATAN MUNTILAN.
Muji Rahayu, (2013) PENINGKATAN KEMAMPUAN MEMBACA PERMULAAN ANAK USIA 5-6 TAHUN MENGGUNAKAN MEDIA KARTU HURUF DI TK ABA GLODOGAN 1 KECAMATAN KLATEN SELATAN KABUPATEN KLATEN.
Munawaroh, – (2013) UPAYA MENINGKATKAN HASIL BELAJAR SISWA PADA MATERI PENJUMLAHAN BILANGAN BULAT KELAS IVB SD BANGUNJIWO MELALUI MODEL PEMBELAJARAN KOOPERATIF TIPE TEAMS GAMES TOURNAMNETS (TGT).
Munawarsih, (2013) MENINGKATKAN KEMAMPUAN MOTORIK KASAR MELALUI PERMAINAN MELEMPAR DAN MENANGKAP BOLA PADA ANAK KELOMPOK B2 DI TK KEMALA BHAYANGKARI 02 YOGYAKARTA.
Neni Tri, Wahyuni (2013) PENINGKATAN PERKEMBANGAN KOGNITIF ANAK MELALUI PENGGUNAAN BENDA-BENDA KONKRET (NYATA) KELOMPOK A TK ABA V GANJURAN BOROBUDUR MAGELANG.
Nginayah, Malikhatul (2013) PENINGKATAN PRESTASI BELAJAR IPS MELALUI METODE PEMBELAJARAN PETA PIKIRAN PADA SISWA SD N NGARGORETNO 2 SALAMAN MAGELANG.
Niken Dita Kartika Damayanti, (2013) UPAYA MENGEMBANGKAN NILAI KEBERANIAN DAN KERJASAMA MELALUI METODE BERMAIN PERAN KELOMPOK A DI TK KUSUMA II BABARSARI YOGYAKARTA.
Nugrahani, Zepty Dyah (2013) PENINGKATAN MINAT SISWA DALAM PEMBELAJARAN IPA MELALUI MODEL PEMBELAJARAN TGT TEAMS GAMES TOURNAMENT MENGGUNAKAN TEKA-TEKI SILANG PADA SISWA KELAS V SD NEGERI KEPUTRAN A YOGYAKARTA.
Nurul Halimah, (2013) UPAYA MENINGKATKAN KETERAMPILAN MENGAMATI (SENSING) MELALUI PENGGUNAAN METODE DISCOVERYPADA ANAK KELOMPOK B1 TK BATIK PPBI YOGYAKARTA.
Oktiantari, Ratna (2013) UPAYA PENINGKATAN PRESTASI BELAJAR IPS MELALUI MEDIA GAMBAR SISWA KELAS IV SD NEGERI SUNGAPAN SEDAYU BANTUL.
Pamungkas, Melda Putri (2013) MENINGKATKAN HASIL BELAJAR IPS MENGGUNAKAN MEDIA POWER POINT SISWA KELAS IV SD TIDAR 3 KOTA MAGELANG.
Pariyem, – (2013) PENINGKATAN KETERAMPILAN MENULIS KARANGAN DESKRIPSI MELALUI MEDIA GAMBAR BERSERI PADA SISWA KELAS IV SD NEGERI NGARGOMULYO KECAMATAN DUKUN, KABUPATEN MAGELANG.
Prastiwi, (2013) MENINGKATKAN KETERAMPILAN BERBICARA ANAK KELOMPOK B DENGAN CERITA BERGAMBAR DI TK ABA AL FAJAR, CEPOKO TRIRENGGO BANTUL.
Pratiwi, Saktyasita Dewi (2013) HUBUNGAN LAYANAN BIMBINGAN BELAJAR GURU DAN KEDISIPLINAN BELAJAR DENGAN PRESTASI BELAJAR BIDANG STUDI YANG DI UNAS KAN KELAS VI GUGUS PANGGANG KECAMATAN PANGGANG KABUBATEN GUNUNGKIDUL SEMESTER II TAHUN PELAJARAN 2011/2012.
Prihadi, Iksan (2013) PERSEPSI SISWA KELAS TINGGI TENTANG KETERAMPILAN PEMBERIAN PENGUATAN GURU DI SD SE GUGUS R.A. KARTINI KECAMATAN KUTOARJO KABUPATEN PURWOREJO.
Prihatsari, Yulia (2013) PENINGKATAN HASIL BELAJAR PECAHAN MENGGUNAKAN PEMBELAJARAN KOOPERATIF TIPE STAD PADA SISWA KELAS V SD NEGERI I DUWET NGAWEN KLATEN.
Pujiastuti, Ari (2013) PENERAPAN PENDEKATAN LINGKUNGAN ALAM SEKITAR (PLAS) SEBAGAI UPAYA UNTUK MENINGKATKAN HASIL BELAJAR IPA MATERI BAGIAN-BAGIAN TUMBUHAN DAN FUNGSINYA DI KELAS IV SDN PANCURANMAS.
Purnamasari, Veryliana (2013) KONTRIBUSI SELF EFFICACY TERHADAP PRESTASI BELAJAR MATEMATIKA SISWA SEKOLAH DASAR KELAS V SEGUGUS V KECAMATAN SENTOLO KABUPATEN KULON PROGO.
Purnasari, Rita (2013) MENINGKATKAN MOTIVASI BELAJAR SISWA KELAS V SD TAMAN MUDA IBU PAWIYATAN TAMANSISWA YOGYAKARTA DENGAN MODEL QUANTUM TEACHING.
Purwaningsih, Wiwit (2013) MENINGKATKAN PRESTASI BELAJAR OPERASI HITUNG BILANGAN BULAT DENGAN MENGGUNAKAN ALAT PERAGA OPERASI HITUNG BILANGAN BULAT PADA SISWA KELAS IV SD N 1 PENGASIH KULON PROGO.
Purwanti, Dwi (2013) MENINGKATKAN PRESTASI BELAJARPENDIDIKAN KEWARGANEGARAAN (PKn)DENGAN MEDIA GAMBAR SISWA KELAS IC SDN LEMPUYANGAN I, YOGYAKARTA TAHUN AJARAN 2012/2013.
Qodir , Muhammad Fathul (2013) MENINGKATKAN HASIL BELAJAR IPS MELALUI PENERAPAN MODEL PEMBELAJARAN KOOPERATIF TIPE STAD (STUDENT TEAM ACHIEVEMENT DIVISION ) PADA SISWA KELAS V SDN KIYARAN 1 CANGKRINGAN SLEMAN.
Rafikaningtyas, Arie (2013) PENGARUH PENERAPAN METODE SAS TERHADAPKEMAMPUAN MEMBACAPERMULAAN SISWA KELAS 1 SD NEGERI BLONDO 3.
Rahayu, Purwanita (2013) UPAYA MENINGKATKAN HASIL BELAJAR ILMU PENGETAHUAN SOSIAL MELALUI STRATEGI MULTIPLE INTELLIGENCES PADA SISWA KELAS VI SD NEGERI SALAKAN LOR KECAMATAN KALASAN SLEMAN.
Rayungsari, Erna (2013) MENINGKATAN HASIL BELAJAR PERKALIAN BILANGAN CACAH MELALUI PEMBELAJARAN MATEMATIKA REALISTIK DI SD.
Rokhayati, – (2013) PENGARUH PENGGUNAAN ALAT PERAGA MODEL PRISMA SEGI EMPAT TERHADAP HASIL BELAJAR MATEMATIKA PADA MATERI PRISMA SEGI EMPAT PADA SISWA KELAS V SD N BONGSREN.
Rosita , Marsi (2013) PENINGKATAN HASIL BELAJAR MATEMATIKA MENGGUNAKAN ALAT PERAGA KARTON HITAM PUTIH PADA MATERI PENJUMLAHAN BILANGAN BULAT KELAS IV SD N KARANG JENGKOL 03 TAHUN AJARAN 2012/2013.
Rositawati, – (2013) UPAYA MENINGKATKAN KEMAMPUAN MENULIS PUISI MENGGUNAKAN METODE PERMAINAN PADA SISWA KELAS III SD NEGERI TLACAP SLEMAN.
Sabandini, Meirina (2013) PERANAN PENGUATAN UNTUK MENINGKATKAN KEMAMPUAN MEMBACA SISWA KELAS I SD NEGERI BERBAH I SLEMAN.
Setiawan, Rico Dedi (2013) HUBUNGAN ANTARA MINAT BELAJAR DAN PRESTASI BELAJAR MATEMATIKA SISWA KELAS V SD NEGERI SE-GUGUS KARANGMOJO III KABUPATEN GUNUNGKIDUL TAHUN AJARAN 2012/2013.
Siamita, Rifqilya Purbo (2013) MENINGKATKAN KEMAMPUAN MENYELESAIKAN SOAL CERITA YANG MELIBATKAN PENGURANGAN PADA BILANGAN CACAH MELALUI PENERAPAN PENDIDIKAN MATEMATIKA REALISTIK PADA SISWA KELAS II SD N DEPOK 1 KECAMATAN DEPOK KABUPATEN SLEMAN.
Sinta Hapsari, (2013) UPAYA MENINGKATKAN KETERAMPILAN MOTORIK KASAR MELALUI BERMAIN SIMPAI PADA KELOMPOK B TK PUSPASIWI II KECAMATAN SEYEGAN SLEMAN YOGYAKARTA.
Siti Chumaidah, (2013) MENINGKATKAN KEMAMPUAN BERHITUNG PERMULAAN MELALUI METODE BERMAIN DENGAN KARTU BERGAMBAR PADA ANAK KELOMPOK B DI TK ‘AISYIYAH KARANG SEMUT TRIMULYO JETIS BANTUL.
Siti Fathonah, (2013) PENINGKATAN KEMAMPUAN BERHITUNG ANGKA SATU SAMPAI SEPULUH MELALUI BERMAIN KOIN KARTU DI KELOMPOK A1 TK ABA KETANGGUNGAN YOGYAKARTA.
Sophiany, Tyas Ayu (2013) UPAYA PENINGKATAN PRESTASI BELAJAR IPS MELALUI MEDIA GAMBAR PADA SISWA KELAS IV SD NEGERI JETIS KABUPATEN KULON PROGO TAHUN 2011/2012.
Sudarmiyati, (2013) UPAYA MENINGKATKAN KEMAMPUAN BERBICARA ANAK MELALUI METODE BERCERITA DI TK A BENISO RANDUBELANG SEWON BANTUL.
Sugiharti , Reni (2013) PENINGKATAN HASIL BELAJAR MATEMATIKA BERBASIS PENDIDIKAN MATEMATIKA REALISTIK PADA SISWA KELAS V SD NEGERI SIRAHAN 2 KECAMATAN SALAM.
Sumarni, – (2013) MENINGKATKAN KETERAMPILAN OPERASI HITUNG PECAHAN MELALUI METODE DISKUSI PADA SISWA KELAS V SD NEGERI KALIBENING KECAMATAN DUKUN KABUPATEN MAGELANG SEMESTER II TAHUN PELAJARAN 2011/2012.
Suranti, Ika Sri (2013) STUDI IMPLEMENTASI MEDIA PEMBELAJARAN DALAM MATA PELAJARAN IPA OLEH GURU KELAS IV SD SE KECAMATAN BANTUL.
Susanti, Riris (2013) PENGARUH PERAN KEPALA SEKOLAH TERHADAP KINERJA GURU KELAS SD DI DESA SUMBERADI KECAMATAN MLATI KABUPATEN SLEMAN TAHUN AJARAN 2011/2012.
Sutijah, (2013) MENINGKATKAN KEMAMPUAN BERBICARA ANAK USIA DINI MELALUI METODE BERMAIN PERAN DI TK ABA AMONG PUTRA BABADAN BANTUL.
Tika Noviasari, (2013) PENINGKATAN KEMAMPUAN MOTORIK KASAR MELALUI PERMAINAN LARI ZIG-ZAG DAN BAKIAK PADA SISWA KELOMPOK BI RA MASYITHOH SEGOROYOSO II.
Utami, Hanafita Hajar (2013) PENGEMBANGAN LEMBAR KERJA SISWA BERBASIS METODE PERCOBAAN UNTUK MENGOPTIMALKAN PEMAHAMAN KONSEP PADA PEMBELAJARAN SAINS KELAS V SD NEGERI TROWONO II.
Utami, Jari (2013) UPAYA MENINGKATKAN KETERAMPILAN BERBICARA BAHASA JAWA DENGAN PEMBELAJARAN KOOPERATIF TIPE JIGSAW DI KELAS IV SD NEGERI 3 TLOGOWATU KLATEN.
Utami, Tri (2013) IMPLEMENTASI PENDEKATAN SAINS TEKNOLOGI MASYARAKAT DALAM UPAYA MENINGKATKAN HASIL BELAJAR IPS PADA SISWA KELAS III SDN I BLIMBING KARANGNONGKO KLATEN.
WIJAYANTI, ENY (2013) PENINGKATAN KETERAMPILAN MENULIS KARANGAN NARASI DENGAN MODEL PEMBELAJARAN KONTEKSTUAL SISWA KELAS IVA SD NEGERI JAGERAN SEWON BANTUL.
Wardani, Dika Setya (2013) PERBEDAAN HASIL BELAJAR ILMU PENGETAHUAN SOSIAL ANTARA KELAS DENGAN MODEL QUANTUM TEACHING DAN ROLE PLAYING PADA SISWA KELAS V SD NEGERI PITURUH KECAMATAN PITURUH KABUPATEN PURWOREJO.
Wari, Istirin (2013) PENINGKATAN HASIL BELAJAR PENGUKURAN MELALUI MODEL PEMBELAJARAN KOOPERATIF THE POWER OF TWO PADA SISWA KELAS IV SD NEGERI I MAYUNGAN NGAWEN KLATEN.
Wibowo, Wisnu (2013) DIAGNOSIS KESULITAN BELAJAR ILMU PENGETAHUAN ALAM KELAS IV SD NEGERI SINGOSAREN, BANGUNTAPAN BANTUL YOGYAKARTA.
Widanarti, Novi Indah (2013) HUBUNGAN KEMAMPUAN MEMBACA PEMAHAMAN DENGAN PRESTASI BELAJAR IPS SISWA SD KELAS V SE-GUGUS II DI KECAMATAN GALUR, KABUPATEN KULON PROGO TAHUN AJARAN 2012/2013.
Winda Wahyuni, (2013) PENGEMBANGAN KETERAMPILAN MOTORIK HALUS ANAK MELALUI KEGIATAN MEMBENTUK BENDA DENGAN BAHAN LUNAK DI TK ABA PERENG KABUPATEN KULON PROGO.
Wulandari, Sri (2013) UPAYA MENINGKATKAN HASIL BELAJAR MATEMATIKA SISWA DI KELAS III SD NEGERI TANGKISAN POS DENGAN MENERAPKAN LANGKAH-LANGKAH TEORI BELAJAR BRUNER.
Yani Candra , Dewanti (2013) UPAYA MENINGKATKAN KEMAMPUAN MENCERITAKAN KEMBALI ISI CERITA MELALUI GAMBAR BERSERI PADA SISWA KELOMPOK A DI TK ABA GEDONG TENGEN YOGYAKARTA.
Yulinda Rohedy , Yoshoawini (2013) PENGELOLAAN EMOSI ANAK USIA 4-5 TAHUN DALAM PROSES PEMBELAJARAN DI TK AL-AZHAR 31 YOGYAKARTA.
Yunita Dewanti Munica, (2013) MENINGKATKAN KETERAMPILAN MOTORIK HALUS MELALUI KEGIATAN MENGANYAM PADA ANAK KELOMPOK B DI TK PKK SINDUMARTANI NGEMPLAK SLEMAN.

Since it is already very late, I will stop here for now. The titles for the Curriculum and Educational Technology, Special Education, and Non-Formal Education departments I will share another time. Once again, please do not misuse these sample thesis titles. Respect other people's work. That is all; I hope these education thesis titles are useful. Regards in the spirit of education!!!

Tuesday, 29 December 2015

Elementary School (SD) Science (IPA) Textbooks for Grades 1-6

Depdiknas, as the highest education authority in Indonesia, provides electronic school books (Buku Sekolah Elektronik, commonly called BSE). You can download these e-books for free. Below are the elementary school (SD) natural science (Ilmu Pengetahuan Alam, IPA) textbooks for grades 1, 2, 3, 4, 5, and 6.

The suitability of these electronic school books has been tested. Their content conforms to the Indonesian education curriculum (Permendiknas No. 12 of 2008, Permendiknas No. 34 of 2008, Permendiknas No. 41 of 2008, and Permendiknas No. 46 of 2007).

The files below are in PDF format. If any link is dead, let us know and we will fix it promptly.



Source link: bse.kemdiknas.go.id



SD Science (IPA) Textbooks, Grade 1

Suseno et al. (2010): Download (7.8 MB)

Salirawati et al. (2010): Download (13.5)



SD Science (IPA) Textbooks, Grade 2

Isnawati et al. (2010): Download (7.3 MB)

Suhartanti et al. (2010): Download (20.6 MB)



SD Science (IPA) Textbooks, Grade 3

Purwantari et al. (2010): Download (5.9 MB)

Azmiyawati et al. (2010): Download (21 MB)



SD Science (IPA) Textbooks, Grade 4

Suhartanti et al. (2010): Download (28 MB)

Susilowati et al. (2010): Download (5.8 MB)



SD Science (IPA) Textbooks, Grade 5

Purwantari et al. (2010): Download (6.3 MB)

Priyono et al. (2010): Download (12.3 MB)



SD Science (IPA) Textbooks, Grade 6

Surono et al. (2010): Download (13 MB)

Pitoyo et al. (2010): Download (8.9 MB)

 

PasswordHash.java


Salted Password Hashing - Doing it Right

If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.
There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web. Password hashing is one of those things that's so simple, yet so many people get it wrong. With this page, I hope to explain not only the correct way to do it, but why it should be done that way.
IMPORTANT WARNING: If you are thinking of writing your own password hashing code, please don't! It's too easy to screw up. No, that cryptography course you took in university doesn't make you exempt from this warning. This applies to everyone: DO NOT WRITE YOUR OWN CRYPTO! The problem of storing passwords has already been solved. Use either phpass or the source code given on this page.
If for some reason you missed that big red warning note, please go read it now. Really, this guide is not meant to walk you through the process of writing your own storage system, it's to explain the reasons why passwords should be stored a certain way.
You may use the following links to jump to the different sections of this page.

  1. What is password hashing?
  2. How Hashes are Cracked
  3. Adding Salt
  4. Ineffective Hashing Methods
  5. How to hash properly
  6. Frequently Asked Questions
There is BSD-licensed password hashing source code at the bottom of this page:

  • PHP Source Code
  • Java Source Code
  • ASP.NET (C#) Source Code
  • Ruby (on Rails) Source Code

What is password hashing?


hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366
hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542
Hash algorithms are one way functions. They turn any amount of data into a fixed-length "fingerprint" that cannot be reversed. They also have the property that if the input changes by even a tiny bit, the resulting hash is completely different (see the example above). This is great for protecting passwords, because we want to store passwords in a form that protects them even if the password file itself is compromised, but at the same time, we need to be able to verify that a user's password is correct.
The general workflow for account registration and authentication in a hash-based account system is as follows:

  1. The user creates an account.
  2. Their password is hashed and stored in the database. At no point is the plain-text (unencrypted) password ever written to the hard drive.
  3. When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
  4. If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
  5. Steps 3 and 4 repeat every time someone tries to log in to their account.
In step 4, never tell the user if it was the username or password they got wrong. Always display a generic message like "Invalid username or password." This prevents attackers from enumerating valid usernames without knowing their passwords.
It should be noted that the hash functions used to protect passwords are not the same as the hash functions you may have seen in a data structures course. The hash functions used to implement data structures such as hash tables are designed to be fast, not secure. Only cryptographic hash functions may be used to implement password hashing. Hash functions like SHA256, SHA512, RipeMD, and WHIRLPOOL are cryptographic hash functions.
It is easy to think that all you have to do is run the password through a cryptographic hash function and your users' passwords will be secure. This is far from the truth. There are many ways to recover passwords from plain hashes very quickly. There are several easy-to-implement techniques that make these "attacks" much less effective. To motivate the need for these techniques, consider this very website. On the front page, you can submit a list of hashes to be cracked, and receive results in less than a second. Clearly, simply hashing the password does not meet our needs for security.
The next section will discuss some of the common attacks used to crack plain password hashes.

How Hashes are Cracked


  • Dictionary and Brute Force Attacks

    Dictionary Attack

    Trying apple        : failed
    Trying blueberry    : failed
    Trying justinbeiber : failed
    ...
    Trying letmein      : failed
    Trying s3cr3t       : success!

    Brute Force Attack

    Trying aaaa : failed
    Trying aaab : failed
    Trying aaac : failed
    ...
    Trying acdb : failed
    Trying acdc : success!
    The simplest way to crack a hash is to try to guess the password, hashing each guess, and checking if the guess's hash equals the hash being cracked. If the hashes are equal, the guess is the password. The two most common ways of guessing passwords are dictionary attacks and brute-force attacks.
    A dictionary attack uses a file containing words, phrases, common passwords, and other strings that are likely to be used as a password. Each word in the file is hashed, and its hash is compared to the password hash. If they match, that word is the password. These dictionary files are constructed by extracting words from large bodies of text, and even from real databases of passwords. Further processing is often applied to dictionary files, such as replacing words with their "leet speak" equivalents ("hello" becomes "h3110"), to make them more effective.
    A brute-force attack tries every possible combination of characters up to a given length. These attacks are very computationally expensive, and are usually the least efficient in terms of hashes cracked per processor time, but they will always eventually find the password. Passwords should be long enough that searching through all possible character strings to find it will take too long to be worthwhile.
    There is no way to prevent dictionary attacks or brute force attacks. They can be made less effective, but there isn't a way to prevent them altogether. If your password hashing system is secure, the only way to crack the hashes will be to run a dictionary or brute-force attack on each hash.
  • Lookup Tables

    Searching: 5f4dcc3b5aa765d61d8327deb882cf99: FOUND: password5
    Searching: efe4507f2c57b280995925a9: FOUND: letMEin12
    Searching: 386f43fab5d096a7a66d67c8f213e5ec: FOUND: mcd0nalds
    Searching: d5ec75d5fe70d428685516cbe615c106f422d23669b610b564800:  not in database
    Searching: 630bf0320fae36492d9: FOUND: p@ssw0rd!
    Lookup tables are an extremely effective method for cracking many hashes of the same type very quickly. The general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, and their corresponding password, in a lookup table data structure. A good implementation of a lookup table can process hundreds of hash lookups per second, even when they contain many billions of hashes.
    If you want a better idea of how fast lookup tables can be, try cracking the following sha256 hashes with CrackStation's free hash cracker.
    c11083b4b0a7743af748c85d343dfee9fbb8b2576c05f3a7f0d632b0926aadfc
    08eac03b80adc33dc7d8fbe44b7c7b05d3a2c511166bdb43fcb710b03ba919e7
    e4ba5cbd251c98e6cd1c23f126a3b81d8d8328abc95387229850952b3ef9f904
    5206b8b8a996cf5320cb12ca91c7b790fba9f030408efe83ebb83548dc3007bd
  • Reverse Lookup Tables

    Searching for hash(apple) in users' hash list...     : Matches [alice3, 0bob0, charles8]
    Searching for hash(blueberry) in users' hash list... : Matches [usr10101, timmy, john91]
    Searching for hash(letmein) in users' hash list...   : Matches [wilson10, dragonslayerX, joe1984]
    Searching for hash(s3cr3t) in users' hash list...    : Matches [bruce19, knuth1337, john87]
    Searching for hash(z@29hjja) in users' hash list...  : No users used this password
    This attack allows an attacker to apply a dictionary or brute-force attack to many hashes at the same time, without having to pre-compute a lookup table.
    First, the attacker creates a lookup table that maps each password hash from the compromised user account database to a list of users who had that hash. The attacker then hashes each password guess and uses the lookup table to get a list of users whose password was the attacker's guess. This attack is especially effective because it is common for many users to have the same password.
  • Rainbow Tables

    Rainbow tables are a time-memory trade-off technique. They are like lookup tables, except that they sacrifice hash cracking speed to make the lookup tables smaller. Because they are smaller, the solutions to more hashes can be stored in the same amount of space, making them more effective. Rainbow tables that can crack any md5 hash of a password up to 8 characters long exist.
Next, we'll look at a technique called salting, which makes it impossible to use lookup tables and rainbow tables to crack a hash.

Adding Salt


hash("hello")                    = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1
hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226ab
hash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007
Lookup tables and rainbow tables only work because each password is hashed the exact same way. If two users have the same password, they'll have the same password hashes. We can prevent these attacks by randomizing each hash, so that when the same password is hashed twice, the hashes are not the same.
We can randomize the hashes by appending or prepending a random string, called a salt, to the password before hashing. As shown in the example above, this makes the same password hash into a completely different string every time. To check if a password is correct, we need the salt, so it is usually stored in the user account database along with the hash, or as part of the hash string itself.
The salt does not need to be secret. Just by randomizing the hashes, lookup tables, reverse lookup tables, and rainbow tables become ineffective. An attacker won't know in advance what the salt will be, so they can't pre-compute a lookup table or rainbow table. If each user's password is hashed with a different salt, the reverse lookup table attack won't work either.
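The registration and login workflow from the start of this page, combined with the per-user salt described above, as an added example (not the page's own source code). It relies on Python's standard-library `hashlib.pbkdf2_hmac` rather than a hand-built construction; the in-memory `USERS` table, the function names, and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 32        # rule of thumb from the page: salt as long as the SHA-256 output
ITERATIONS = 100_000   # assumed work factor for this example, tune for your hardware
GENERIC_ERROR = "Invalid username or password."

USERS = {}             # constructed stand-in for the user account table


def unsalted_sha256(password):
    """Plain hash, shown only for contrast: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh CSPRNG salt is drawn unless one is supplied."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def set_password(username, password):
    """Used for account creation and for password changes: always a new salt."""
    salt, digest = hash_password(password)
    # The salt is not secret, so it is stored next to the hash.
    USERS[username] = {"salt": salt.hex(), "hash": digest.hex()}


# Hash computed for unknown usernames so that both failure paths do the same work.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(secrets.token_hex(16))


def login(username, password):
    """Return (ok, message). The message never says which field was wrong."""
    record = USERS.get(username)
    if record is None:
        salt, expected = _DUMMY_SALT, _DUMMY_DIGEST
    else:
        salt = bytes.fromhex(record["salt"])
        expected = bytes.fromhex(record["hash"])
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, expected)  # constant-time comparison
    if record is not None and matches:
        return True, "Login successful."
    return False, GENERIC_ERROR


if __name__ == "__main__":
    set_password("alice", "hello")
    set_password("bob", "hello")
    print("unsalted:", unsalted_sha256("hello"))
    print("alice   :", USERS["alice"]["hash"])
    print("bob     :", USERS["bob"]["hash"])
    print(login("alice", "hello"), login("alice", "hbllo"), login("mallory", "hello"))
```

Both users chose "hello", yet their stored hashes differ because each record carries its own salt.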
In the next section, we'll look at how salt is commonly implemented incorrectly.

The WRONG Way: Short Salt & Salt Reuse

The most common salt implementation errors are reusing the same salt in multiple hashes, or using a salt that is too short.

Salt Reuse

A common mistake is to use the same salt in each hash. Either the salt is hard-coded into the program, or is generated randomly once. This is ineffective because if two users have the same password, they'll still have the same hash. An attacker can still use a reverse lookup table attack to run a dictionary attack on every hash at the same time. They just have to apply the salt to each password guess before they hash it. If the salt is hard-coded into a popular product, lookup tables and rainbow tables can be built for that salt, to make it easier to crack hashes generated by the product.
A new random salt must be generated each time a user creates an account or changes their password.

Short Salt

If the salt is too short, an attacker can build a lookup table for every possible salt. For example, if the salt is only three ASCII characters, there are only 95x95x95 = 857,375 possible salts. That may seem like a lot, but if each lookup table contains only 1MB of the most common passwords, collectively they will be only 837GB, which is not a lot considering 1000GB hard drives can be bought for under $100 today.
For the same reason, the username shouldn't be used as a salt. Usernames may be unique to a single service, but they are predictable and often reused for accounts on other services. An attacker can build lookup tables for common usernames and use them to crack username-salted hashes.
To make it impossible for an attacker to create a lookup table for every possible salt, the salt must be long. A good rule of thumb is to use a salt that is the same size as the output of the hash function. For example, the output of SHA256 is 256 bits (32 bytes), so the salt should be at least 32 random bytes.
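A defender-side check for the two mistakes in this section, as an added example (not code from the page): it scans a credential table for reused salts, salts shorter than the hash output, usernames used as salts, and identical hashes. The row layout `(username, salt_hex, hash_hex)`, the function names, and the sample rows are assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict

MIN_SALT_BYTES = 32   # page's rule of thumb for SHA-256: salt as long as the hash output


def sample_rows():
    """Constructed (username, salt_hex, hash_hex) rows; fixed salts keep the demo repeatable."""
    def row(user, salt, password):
        return (user, salt.hex(), hashlib.sha256(password + salt).hexdigest())

    shared = bytes.fromhex("5a" * 32)           # one salt generated once and reused
    return [
        row("alice", bytes(range(32)), b"hello"),
        row("bob", shared, b"letmein"),
        row("carol", shared, b"letmein"),
        row("dave", b"x9Q", b"s3cr3t"),         # three ASCII characters
        row("erin", b"erin", b"apple"),         # username used as the salt
        row("frank", b"", b"blueberry"),        # no salt at all
    ]


def audit_salts(rows):
    """Return usernames grouped by the salt mistake their record shows."""
    findings = {"short_salt": [], "username_as_salt": [],
                "reused_salt": [], "duplicate_hash": []}
    by_salt, by_hash = defaultdict(list), defaultdict(list)
    for user, salt_hex, hash_hex in rows:
        salt = bytes.fromhex(salt_hex)
        by_hash[hash_hex.lower()].append(user)
        if salt:
            by_salt[salt].append(user)
        if len(salt) < MIN_SALT_BYTES:
            findings["short_salt"].append(user)
        if salt and salt.lower() == user.encode("utf-8").lower():
            findings["username_as_salt"].append(user)
    for users in by_salt.values():
        if len(users) > 1:                      # same salt on more than one account
            findings["reused_salt"].extend(users)
    for users in by_hash.values():
        if len(users) > 1:                      # same password hashed the same way
            findings["duplicate_hash"].extend(users)
    return {name: sorted(users) for name, users in findings.items()}


def lookup_table_space_gb(salt_chars, alphabet=95, mb_per_table=1):
    """Storage for one lookup table per possible salt, as in the page's 3-character case."""
    return alphabet ** salt_chars * mb_per_table / 1024


if __name__ == "__main__":
    for name, users in audit_salts(sample_rows()).items():
        print(f"{name:17s} {users}")
    print(f"3-char salts: {lookup_table_space_gb(3):.0f} GB of 1 MB tables")
```

A record that appears under `duplicate_hash` means two accounts are exposed by a single successful guess, which is exactly what a fresh random salt per password prevents.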

The WRONG Way: Double Hashing & Wacky Hash Functions

This section covers another common password hashing misconception: wacky combinations of hash algorithms. It's easy to get carried away and try to combine different hash functions, hoping that the result will be more secure. In practice, though, there is very little benefit to doing it. All it does is create interoperability problems, and it can sometimes even make the hashes less secure. Never try to invent your own crypto; always use a standard that has been designed by experts. Some will argue that using multiple hash functions makes the process of computing the hash slower, so cracking is slower, but there's a better way to make the cracking process slower, as we'll see later.
Here are some examples of poor wacky hash functions I've seen suggested in forums on the internet.

  • md5(sha1(password))
  • md5(md5(salt) + md5(password))
  • sha1(sha1(password))
  • sha1(str_rot13(password + salt))
  • md5(sha1(md5(md5(password) + sha1(password)) + md5(password)))
Do not use any of these.
Note: This section has proven to be controversial. I've received a number of emails arguing that wacky hash functions are a good thing, because it's better if the attacker doesn't know which hash function is in use, it's less likely for an attacker to have pre-computed a rainbow table for the wacky hash function, and it takes longer to compute the hash function.
An attacker cannot attack a hash when he doesn't know the algorithm, but note Kerckhoffs's principle, that the attacker will usually have access to the source code (especially if it's free or open source software), and that given a few password-hash pairs from the target system, it is not difficult to reverse engineer the algorithm. It does take longer to compute wacky hash functions, but only by a small constant factor. It's better to use an iterated algorithm that's designed to be extremely hard to parallelize (these are discussed below). And, properly salting the hash solves the rainbow table problem.
If you really want to use a standardized "wacky" hash function like HMAC, then it's OK. But if your reason for doing so is to make the hash computation slower, read the section below about key stretching first.
Compare these minor benefits to the risks of accidentally implementing a completely insecure hash function and the interoperability problems wacky hashes create. It's clearly best to use a standard and well-tested algorithm.

Hash Collisions

Because hash functions map arbitrary amounts of data to fixed-length strings, there must be some inputs that hash into the same string. Cryptographic hash functions are designed to make these collisions incredibly difficult to find. From time to time, cryptographers find "attacks" on hash functions that make finding collisions easier. A recent example is the MD5 hash function, for which collisions have actually been found.
Collision attacks are a sign that it may be more likely for a string other than the user's password to have the same hash. However, finding collisions in even a weak hash function like MD5 requires a lot of dedicated computing power, so it is very unlikely that these collisions will happen "by accident" in practice. A password hashed using MD5 and salt is, for all practical purposes, just as secure as if it were hashed with SHA256 and salt. Nevertheless, it is a good idea to use a more secure hash function like SHA256, SHA512, RipeMD, or WHIRLPOOL if possible.

The RIGHT Way: How to Hash Properly

This section describes exactly how passwords should be hashed. The first subsection covers the basics—everything that is absolutely necessary. The following subsections explain how the basics can be augmented to make the hashes even harder to crack.

The Basics: Hashing with Salt

Warning: Do not just read this section. You absolutely must implement the stuff in the next section: "Making Password Cracking Harder: Slow Hash Functions".
We've seen how malicious hackers can crack plain hashes very quickly using lookup tables and rainbow tables. We've learned that randomizing the hashing using salt is the solution to the problem. But how do we generate the salt, and how do we apply it to the password?
Salt should be generated using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). CSPRNGs are very different than ordinary pseudo-random number generators, like the "C" language's rand() function. As the name suggests, CSPRNGs are designed to be cryptographically secure, meaning they provide a high level of randomness and are completely unpredictable. We don't want our salts to be predictable, so we must use a CSPRNG. The following table lists some CSPRNGs that exist for some popular programming platforms.

Platform | CSPRNG
PHP | mcrypt_create_iv, openssl_random_pseudo_bytes
Java | java.security.SecureRandom
Dot NET (C#, VB) | System.Security.Cryptography.RNGCryptoServiceProvider
Ruby | SecureRandom
Python | os.urandom
Perl | Math::Random::Secure
C/C++ (Windows API) | CryptGenRandom
Any language on GNU/Linux or Unix | Read from /dev/random or /dev/urandom

The salt needs to be unique per-user per-password. Every time a user creates an account or changes their password, the password should be hashed using a new random salt. Never reuse a salt. The salt also needs to be long, so that there are many possible salts. As a rule of thumb, make sure your salt is at least as long as the hash function's output. The salt should be stored in the user account table alongside the hash.

To Store a Password


  1. Generate a long random salt using a CSPRNG.
  2. Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA256.
  3. Save both the salt and the hash in the user's database record.

To Validate a Password


  1. Retrieve the user's salt and hash from the database.
  2. Prepend the salt to the given password and hash it using the same hash function.
  3. Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.
At the bottom of this page, there are implementations of salted password hashing in PHP, C#, Java, and Ruby.

In a Web Application, always hash on the server

If you are writing a web application, you might wonder where to hash. Should the password be hashed in the user's browser with JavaScript, or should it be sent to the server "in the clear" and hashed there?
Even if you are hashing the user's passwords in JavaScript, you still have to hash the hashes on the server. Consider a website that hashes users' passwords in the user's browser without hashing the hashes on the server. To authenticate a user, this website will accept a hash from the browser and check if that hash exactly matches the one in the database. This seems more secure than just hashing on the server, since the users' passwords are never sent to the server, but it's not.
The problem is that the client-side hash logically becomes the user's password. All the user needs to do to authenticate is tell the server the hash of their password. If a bad guy got a user's hash they could use it to authenticate to the server, without knowing the user's password! So, if the bad guy somehow steals the database of hashes from this hypothetical website, they'll have immediate access to everyone's accounts without having to guess any passwords.
This isn't to say that you shouldn't hash in the browser, but if you do, you absolutely have to hash on the server too. Hashing in the browser is certainly a good idea, but consider the following points for your implementation:

  • Client-side password hashing is not a substitute for HTTPS (SSL/TLS). If the connection between the browser and the server is insecure, a man-in-the-middle can modify the JavaScript code as it is downloaded to remove the hashing functionality and get the user's password.
  • Some web browsers don't support JavaScript, and some users disable JavaScript in their browser. So for maximum compatibility, your app should detect whether or not the browser supports JavaScript and emulate the client-side hash on the server if it doesn't.
  • You need to salt the client-side hashes too. The obvious solution is to make the client-side script ask the server for the user's salt. Don't do that, because it lets the bad guys check if a username is valid without knowing the password. Since you're hashing and salting (with a good salt) on the server too, it's OK to use the username (or email) concatenated with a site-specific string (e.g. domain name) as the client-side salt.

Making Password Cracking Harder: Slow Hash Functions

Salt ensures that attackers can't use specialized attacks like lookup tables and rainbow tables to crack large collections of hashes quickly, but it doesn't prevent them from running dictionary or brute-force attacks on each hash individually. High-end graphics cards (GPUs) and custom hardware can compute billions of hashes per second, so these attacks are still very effective. To make these attacks less effective, we can use a technique known as key stretching.
The idea is to make the hash function very slow, so that even with a fast GPU or custom hardware, dictionary and brute-force attacks are too slow to be worthwhile. The goal is to make the hash function slow enough to impede attacks, but still fast enough to not cause a noticeable delay for the user.
Key stretching is implemented using a special type of CPU-intensive hash function. Don't try to invent your own–simply iteratively hashing the hash of the password isn't enough as it can be parallelized in hardware and executed as fast as a normal hash. Use a standard algorithm like PBKDF2 or bcrypt. You can find a PHP implementation of PBKDF2 here.
These algorithms take a security factor or iteration count as an argument. This value determines how slow the hash function will be. For desktop software or smartphone apps, the best way to choose this parameter is to run a short benchmark on the device to find the value that makes the hash take about half a second. This way, your program can be as secure as possible without affecting the user experience.
If you use a key stretching hash in a web application, be aware that you will need extra computational resources to process large volumes of authentication requests, and that key stretching may make it easier to run a Denial of Service (DoS) attack on your website. I still recommend using key stretching, but with a lower iteration count. You should calculate the iteration count based on your computational resources and the expected maximum authentication request rate. The denial of service threat can be eliminated by making the user solve a CAPTCHA every time they log in. Always design your system so that the iteration count can be increased or decreased in the future.
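The sizing advice in the two paragraphs above, worked through as an added example (it is not code from the original page). The function names, the probe size and the idea of reserving a share of CPU for logins are assumptions of this sketch; the floor of 1000 is the minimum the page's PHP code recommends.

```python
import hashlib
import os
import time


def measure_iteration_rate(probe_iterations=50_000, runs=3):
    """Measure PBKDF2-HMAC-SHA256 iterations per second on this machine.

    The fastest of several runs is used so that a background task slowing
    one run does not lead to an iteration count that is too low.
    """
    password = b"benchmark password"   # constructed input, never a real password
    salt = os.urandom(32)
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", password, salt, probe_iterations, 32)
        best = min(best, time.perf_counter() - start)
    return probe_iterations / best


def iterations_for_device(rate, target_seconds=0.5, floor=1000):
    """Desktop or phone app: make one hash take about half a second."""
    return max(floor, int(rate * target_seconds))


def iterations_for_server(rate, peak_logins_per_second, cores, cpu_share, floor=1000):
    """Web application: size the count from resources and peak login rate.

    cores * cpu_share is the CPU time per wall-clock second you are willing
    to spend on password hashing; dividing by the peak login rate gives the
    CPU budget of a single login.
    """
    if peak_logins_per_second <= 0:
        raise ValueError("peak_logins_per_second must be positive")
    return max(floor, int(rate * cores * cpu_share / peak_logins_per_second))


if __name__ == "__main__":
    rate = measure_iteration_rate()
    print("iterations/second:", int(rate))
    print("device count:", iterations_for_device(rate))
    # Assumed capacity figures: 4 cores, 25% of them for logins, 50 logins/s peak.
    print("server count:", iterations_for_server(rate, 50, 4, 0.25))
```

Store the chosen count next to each hash, so that re-running the benchmark on newer hardware can raise it without invalidating existing records.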
If you are worried about the computational burden, but still want to use key stretching in a web application, consider running the key stretching algorithm in the user's browser with JavaScript. The Stanford JavaScript Crypto Library includes PBKDF2. The iteration count should be set low enough that the system is usable with slower clients like mobile devices, and the system should fall back to server-side computation if the user's browser doesn't support JavaScript. Client-side key stretching does not remove the need for server-side hashing. You must hash the hash generated by the client the same way you would hash a normal password.

Impossible-to-crack Hashes: Keyed Hashes and Password Hashing Hardware

As long as an attacker can use a hash to check whether a password guess is right or wrong, they can run a dictionary or brute-force attack on the hash. The next step is to add a secret key to the hash so that only someone who knows the key can use the hash to validate a password. This can be accomplished two ways. Either the hash can be encrypted using a cipher like AES, or the secret key can be included in the hash using a keyed hash algorithm like HMAC.
This is not as easy as it sounds. The key has to be kept secret from an attacker even in the event of a breach. If an attacker gains full access to the system, they'll be able to steal the key no matter where it is stored. The key must be stored in an external system, such as a physically separate server dedicated to password validation, or a special hardware device attached to the server such as the YubiHSM.
I highly recommend this approach for any large scale (more than 100,000 users) service. I consider it necessary for any service hosting more than 1,000,000 user accounts.
If you can't afford multiple dedicated servers or special hardware devices, you can still get some of the benefits of keyed hashes on a standard web server. Most databases are breached using SQL Injection Attacks, which, in most cases, don't give attackers access to the local filesystem (disable local filesystem access in your SQL server if it has this feature). If you generate a random key and store it in a file that isn't accessible from the web, and include it into the salted hashes, then the hashes won't be vulnerable if your database is breached using a simple SQL injection attack. Don't hard-code a key into the source code, generate it randomly when the application is installed. This isn't as secure as using a separate system to do the password hashing, because if there are SQL injection vulnerabilities in a web application, there are probably other types, such as Local File Inclusion, that an attacker could use to read the secret key file. But, it's better than nothing.
Please note that keyed hashes do not remove the need for salt. Clever attackers will eventually find ways to compromise the keys, so it is important that hashes are still protected by salt and key stretching.
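The store and validate steps from "The Basics", combined with key stretching and a keyed hash, as an added example (not the page's own code, and not interoperable with its PHP implementation). It borrows the `algorithm:iterations:salt:hash` record layout from that code; the constants, the key file handling and the `needs_rehash` flag are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

# Parameters assumed for this example; they are not taken from the page's code.
ALGORITHM = "sha256"
ITERATIONS = 100_000          # current work factor, meant to be raised over time
MAX_ITERATIONS = 10_000_000   # refuse absurd values from a corrupted record
SALT_BYTES = 32               # same size as the SHA256 output
HASH_BYTES = 32


def load_key(path):
    """Read the secret key from a file outside the web root.

    The key is generated randomly on first use (install time), never
    hard-coded, and the file is created readable by its owner only.
    """
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except FileNotFoundError:
        key = os.urandom(32)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(key)
        return key


def stretch(password, salt, iterations, key):
    """PBKDF2 over the salted password, then HMAC under the secret key."""
    derived = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), salt, iterations, HASH_BYTES)
    return hmac.new(key, derived, hashlib.sha256).digest()


def create_hash(password, key, iterations=ITERATIONS):
    """Store step: new random salt per password, parameters kept in the record."""
    salt = os.urandom(SALT_BYTES)
    digest = stretch(password, salt, iterations, key)
    return ":".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def validate_password(password, stored, key):
    """Validate step. Returns (ok, needs_rehash).

    needs_rehash is True when the password was correct but the record was
    created with a lower iteration count than the current one, so the
    caller can call create_hash again while it still has the password.
    """
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split(":")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:            # wrong field count, bad integer or bad base64
        return False, False
    if algorithm != ALGORITHM or not 0 < iterations <= MAX_ITERATIONS:
        return False, False
    actual = stretch(password, salt, iterations, key)
    ok = hmac.compare_digest(actual, expected)   # length-constant comparison
    return ok, ok and iterations < ITERATIONS


if __name__ == "__main__":
    import tempfile
    key_file = os.path.join(tempfile.mkdtemp(), "password-hmac.key")  # constructed path
    key = load_key(key_file)
    record = create_hash("correct horse battery staple", key)
    print(record)
    print(validate_password("correct horse battery staple", record, key))
    print(validate_password("wrong guess", record, key))
```

A database dump alone gives an attacker the salt and the keyed digest but not the key, so guesses cannot be checked offline until the key file is also stolen.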

Other Security Measures

Password hashing protects passwords in the event of a security breach. It does not make the application as a whole more secure. Much more must be done to prevent the password hashes (and other user data) from being stolen in the first place.
Even experienced developers must be educated in security in order to write secure applications. A great resource for learning about web application vulnerabilities is The Open Web Application Security Project (OWASP). A good introduction is the OWASP Top Ten Vulnerability List. Unless you understand all the vulnerabilities on the list, do not attempt to write a web application that deals with sensitive data. It is the employer's responsibility to ensure all developers are adequately trained in secure application development.
Having a third party "penetration test" your application is a good idea. Even the best programmers make mistakes, so it always makes sense to have a security expert review the code for potential vulnerabilities. Find a trustworthy organization (or hire staff) to review your code on a regular basis. The security review process should begin early in an application's life and continue throughout its development.
It is also important to monitor your website to detect a breach if one does occur. I recommend hiring at least one person whose full time job is detecting and responding to security breaches. If a breach goes undetected, the attacker can make your website infect visitors with malware, so it is extremely important that breaches are detected and responded to promptly.

Frequently Asked Questions

What hash algorithm should I use?

DO use:

DO NOT use:

  • Outdated hash functions like MD5 or SHA1.
  • Insecure versions of crypt ($1$, $2$, $2x$, $3$).
  • Any algorithm that you designed yourself. Only use technology that is in the public domain and has been well-tested by experienced cryptographers.
Even though there are no cryptographic attacks on MD5 or SHA1 that make their hashes easier to crack, they are old and are widely considered (somewhat incorrectly) to be inadequate for password storage. So I don't recommend using them. An exception to this rule is PBKDF2, which is frequently implemented using SHA1 as the underlying hash function.

How should I allow users to reset their password when they forget it?

It is my personal opinion that all password reset mechanisms in widespread use today are insecure. If you have high security requirements, such as an encryption service would, do not let the user reset their password.
Most websites use an email loop to authenticate users who have forgotten their password. To do this, generate a random single-use token that is strongly tied to the account. Include it in a password reset link sent to the user's email address. When the user clicks a password reset link containing a valid token, prompt them for a new password. Be sure that the token is strongly tied to the user account so that an attacker can't use a token sent to his own email address to reset a different user's password.
The token must be set to expire in 15 minutes or after it is used, whichever comes first. It is also a good idea to expire any existing password tokens when the user logs in (they remembered their password) or requests another reset token. If a token doesn't expire, it can be forever used to break into the user's account. Email (SMTP) is a plain-text protocol, and there may be malicious routers on the internet recording email traffic. And, a user's email account (including the reset link) may be compromised long after their password has been changed. Making the token expire as soon as possible reduces the user's exposure to these attacks.
Attackers will be able to modify the tokens, so don't store the user account information or timeout information in them. They should be an unpredictable random binary blob used only to identify a record in a database table.
Never send the user a new password over email. Remember to pick a new random salt when the user resets their password. Don't re-use the one that was used to hash their old password.
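The token rules above, as an added example (not code from the original page). `ResetTokenStore` is a hypothetical in-memory stand-in for a database table; keeping only a SHA-256 digest of each token in that table is this example's choice, not something the page asks for.

```python
import hashlib
import secrets
import time

TOKEN_LIFETIME_SECONDS = 15 * 60   # the 15-minute limit from the text


class ResetTokenStore:
    """Hypothetical reset-token table: sha256(token) -> (user_id, expires_at)."""

    def __init__(self, clock=time.time):
        self._clock = clock        # injectable so expiry can be tested
        self._rows = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii", "replace")).hexdigest()

    def issue(self, user_id):
        """Create a token for the reset link e-mailed to user_id."""
        self.revoke_all(user_id)   # requesting another token expires the old one
        # 32 bytes from the OS CSPRNG. The token carries no account or
        # timeout information; it only identifies a row in the table.
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_LIFETIME_SECONDS
        self._rows[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user_id the token was issued for, or None.

        The row is removed on the first attempt, so a token works at most
        once. The account to reset must come from this return value, never
        from a user name supplied with the request.
        """
        row = self._rows.pop(self._digest(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        if self._clock() >= expires_at:
            return None
        return user_id

    def revoke_all(self, user_id):
        """Call on successful login and whenever a new token is requested."""
        stale = [d for d, (uid, _) in self._rows.items() if uid == user_id]
        for digest in stale:
            del self._rows[digest]


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("alice")          # constructed account name
    print(store.redeem(link_token))            # alice
    print(store.redeem(link_token))            # None: already used
```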

What should I do if my user account database gets leaked/hacked?

Your first priority is to determine how the system was compromised and patch the vulnerability the attacker used to get in. If you do not have experience responding to breaches, I highly recommend hiring a third-party security firm.
It may be tempting to cover up the breach and hope nobody notices. However, trying to cover up a breach makes you look worse, because you're putting your users at further risk by not informing them that their passwords and other personal information may be compromised. You must inform your users as soon as possible—even if you don't yet fully understand what happened. Put a notice on the front page of your website that links to a page with more detailed information, and send a notice to each user by email if possible.
Explain to your users exactly how their passwords were protected—hopefully hashed with salt—and that even though they were protected with a salted hash, a malicious hacker can still run dictionary and brute force attacks on the hashes. Malicious hackers will use any passwords they find to try to login to a user's account on a different website, hoping they used the same password on both websites. Inform your users of this risk and recommend that they change their password on any website or service where they used a similar password. Force them to change their password for your service the next time they log in. Most users will try to "change" their password to the original password to get around the forced change quickly. Use the current password hash to ensure that they cannot do this.
It is likely, even with salted slow hashes, that an attacker will be able to crack some of the weak passwords very quickly. To reduce the attacker's window of opportunity to use these passwords, you should require, in addition to the current password, an email loop for authentication until the user has changed their password. See the previous question, "How should I allow users to reset their password when they forget it?" for tips on implementing email loop authentication.
Also tell your users what kind of personal information was stored on the website. If your database includes credit card numbers, you should instruct your users to look over their recent and future bills closely and cancel their credit card.

What should my password policy be? Should I enforce strong passwords?

If your service doesn't have strict security requirements, then don't limit your users. I recommend showing users information about the strength of their password as they type it, letting them decide how secure they want their password to be. If you have special security needs, enforce a minimum length of 12 characters and require at least two letters, two digits, and two symbols.
Do not force your users to change their password more often than once every six months, as doing so creates "user fatigue" and makes users less likely to choose good passwords. Instead, train users to change their password whenever they feel it has been compromised, and to never tell their password to anyone. If it is a business setting, encourage employees to use paid time to memorize and practice their password.

If an attacker has access to my database, can't they just replace the hash of my password with their own hash and login?

Yes, but if someone has access to your database, they probably already have access to everything on your server, so they wouldn't need to login to your account to get what they want. The purpose of password hashing (in the context of a website) is not to protect the website from being breached, but to protect the passwords if a breach does occur.
You can prevent hashes from being replaced during a SQL injection attack by connecting to the database with two users with different permissions. One for the 'create account' code and one for the 'login' code. The 'create account' code should be able to read and write to the user table, but the 'login' code should only be able to read.

Why do I have to use a special algorithm like HMAC? Why can't I just append the password to the secret key?

Hash functions like MD5, SHA1, and SHA2 use the Merkle–Damgård construction, which makes them vulnerable to what are known as length extension attacks. This means that given a hash H(X), an attacker can find the value of H(pad(X) + Y), for any other string Y, without knowing X. pad(X) is the padding function used by the hash.
This means that given a hash H(key + message), an attacker can compute H(pad(key + message) + extension), without knowing the key. If the hash was being used as a message authentication code, using the key to prevent an attacker from being able to modify the message and replace it with a different valid hash, the system has failed, since the attacker now has a valid hash of message + extension.
It is not clear how an attacker could use this attack to crack a password hash quicker. However, because of the attack, it is considered bad practice to use a plain hash function for keyed hashing. A clever cryptographer may one day come up with a clever way to use these attacks to make cracking faster, so use HMAC.

Should the salt come before or after the password?

It doesn't matter, but pick one and stick with it for interoperability's sake. Having the salt come before the password seems to be more common.

Why does the hashing code on this page compare the hashes in "length-constant" time?

Comparing the hashes in "length-constant" time ensures that an attacker cannot extract the hash of a password in an on-line system using a timing attack, then crack it off-line.
The standard way to check if two sequences of bytes (strings) are the same is to compare the first byte, then the second, then the third, and so on. As soon as you find a byte that isn't the same for both strings, you know they are different and can return a negative response immediately. If you make it through both strings without finding any bytes that differ, you know the strings are the same and can return a positive result. This means that comparing two strings can take a different amount of time depending on how much of the strings match.
For example, a standard comparison of the strings "xyzabc" and "abcxyz" would immediately see that the first character is different and wouldn't bother to check the rest of the string. On the other hand, when the strings "aaaaaaaaaaB" and "aaaaaaaaaaZ" are compared, the comparison algorithm scans through the block of "a" before it determines the strings are unequal.
Suppose an attacker wants to break into an on-line system that rate limits authentication attempts to one attempt per second. Also suppose the attacker knows all of the parameters to the password hash (salt, hash type, etc), except for the hash and (obviously) the password. If the attacker can get a precise measurement of how long it takes the on-line system to compare the hash of the real password with the hash of a password the attacker provides, he can use the timing attack to extract part of the hash and crack it using an offline attack, bypassing the system's rate limiting.
First, the attacker finds 256 strings whose hashes begin with every possible byte. He sends each string to the on-line system, recording the amount of time it takes the system to respond. The string that takes the longest will be the one whose hash's first byte matches the real hash's first byte. The attacker now knows the first byte, and can continue the attack in a similar manner on the second byte, then the third, and so on. Once the attacker knows enough of the hash, he can use his own hardware to crack it, without being rate limited by the system.
It might seem like it would be impossible to run a timing attack over a network. However, it has been done, and has been shown to be practical. That's why the code on this page compares strings in a way that takes the same amount of time no matter how much of the strings match.

How does the SlowEquals code work?

The previous question explains why SlowEquals is necessary; this one explains how the code actually works.

    private static boolean slowEquals(byte[] a, byte[] b)
    {
        int diff = a.length ^ b.length;
        for(int i = 0; i < a.length && i < b.length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
The code uses the XOR "^" operator to compare integers for equality, instead of the "==" operator. The reason why is explained below. The result of XORing two integers will be zero if and only if they are exactly the same. This is because 0 XOR 0 = 0, 1 XOR 1 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1. If we apply that to all the bits in both integers, the result will be zero only if all the bits matched.
So, in the first line, if a.length is equal to b.length, the diff variable will get a zero value, but if not, it will get some non-zero value. Next, we compare the bytes using XOR, and OR the result into diff. This will set diff to a non-zero value if the bytes differ. Because ORing never un-sets bits, the only way diff will be zero at the end of the loop is if it was zero before the loop began (a.length == b.length) and all of the bytes in the two arrays match (none of the XORs resulted in a non-zero value).
The reason we need to use XOR instead of the "==" operator to compare integers is that "==" is usually translated/compiled/interpreted as a branch. For example, the C code "diff &= a == b" might compile to the following x86 assembly:

MOV EAX, [A]
CMP [B], EAX
JZ equal          ; branch taken only when A == B
AND [VALID], 0    ; not equal: clear VALID
JMP done
equal:
AND [VALID], 1    ; equal: keep VALID's low bit
done:
The branching makes the code execute in a different amount of time depending on the equality of the integers and the CPU's internal branch prediction state.
The C code "diff |= a ^ b" should compile to something like the following, whose execution time does not depend on the equality of the integers:

MOV EAX, [A]
XOR EAX, [B]
OR [DIFF], EAX

Why bother hashing?

Your users are entering their password into your website. They are trusting you with their security. If your database gets hacked, and your users' passwords are unprotected, then malicious hackers can use those passwords to compromise your users' accounts on other websites and services (most people use the same password everywhere). It's not just your security that's at risk, it's your users'. You are responsible for your users' security.

PHP PBKDF2 Password Hashing Code


The following code is a secure implementation of PBKDF2 hashing in PHP. You can find a test suite and benchmark code for it on Defuse Security's PBKDF2 for PHP page.


If you need compatible PHP and C# implementations, see here.

<?php
/*
 * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
 * Copyright (c) 2013, Taylor Hornby
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, 
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation 
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.
 */

// These constants may be changed without breaking existing hashes.
define("PBKDF2_HASH_ALGORITHM", "sha256");
define("PBKDF2_ITERATIONS", 1000);
define("PBKDF2_SALT_BYTE_SIZE", 24);
define("PBKDF2_HASH_BYTE_SIZE", 24);

define("HASH_SECTIONS", 4);
define("HASH_ALGORITHM_INDEX", 0);
define("HASH_ITERATION_INDEX", 1);
define("HASH_SALT_INDEX", 2);
define("HASH_PBKDF2_INDEX", 3);

function create_hash($password)
{
    // format: algorithm:iterations:salt:hash
    $salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM));
    return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" .  $salt . ":" .
        base64_encode(pbkdf2(
            PBKDF2_HASH_ALGORITHM,
            $password,
            $salt,
            PBKDF2_ITERATIONS,
            PBKDF2_HASH_BYTE_SIZE,
            true
        ));
}

function validate_password($password, $correct_hash)
{
    $params = explode(":", $correct_hash);
    if(count($params) < HASH_SECTIONS)
       return false;
    $pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);
    return slow_equals(
        $pbkdf2,
        pbkdf2(
            $params[HASH_ALGORITHM_INDEX],
            $password,
            $params[HASH_SALT_INDEX],
            (int)$params[HASH_ITERATION_INDEX],
            strlen($pbkdf2),
            true
        )
    );
}

// Compares two strings $a and $b in length-constant time.
function slow_equals($a, $b)
{
    $diff = strlen($a) ^ strlen($b);
    for($i = 0; $i < strlen($a) && $i < strlen($b); $i++)
    {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

/*
 * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
 * $algorithm - The hash algorithm to use. Recommended: SHA256
 * $password - The password.
 * $salt - A salt that is unique to the password.
 * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
 * $key_length - The length of the derived key in bytes.
 * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
 * Returns: A $key_length-byte key derived from the password and salt.
 *
 * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
 *
 * This implementation of PBKDF2 was originally created by https://defuse.ca
 * With improvements by http://www.variations-of-shadow.com
 */
function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
    $algorithm = strtolower($algorithm);
    if(!in_array($algorithm, hash_algos(), true))
        trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
    if($count <= 0 || $key_length <= 0)
        trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);

    if (function_exists("hash_pbkdf2")) {
        // The output length is in NIBBLES (4-bits) if $raw_output is false!
        if (!$raw_output) {
            $key_length = $key_length * 2;
        }
        return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
    }

    $hash_length = strlen(hash($algorithm, "", true));
    $block_count = ceil($key_length / $hash_length);

    $output = "";
    for($i = 1; $i <= $block_count; $i++) {
        // $i encoded as 4 bytes, big endian.
        $last = $salt . pack("N", $i);
        // first iteration
        $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
        // perform the other $count - 1 iterations
        for ($j = 1; $j < $count; $j++) {
            $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
        }
        $output .= $xorsum;
    }

    if($raw_output)
        return substr($output, 0, $key_length);
    else
        return bin2hex(substr($output, 0, $key_length));
}
?>

Java PBKDF2 Password Hashing Code


The following code is a secure implementation of PBKDF2 hashing in Java.


/* 
 * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
 * Copyright (c) 2013, Taylor Hornby
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, 
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation 
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.
 */

import java.security.SecureRandom;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.SecretKeyFactory;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

/*
 * PBKDF2 salted password hashing.
 * Author: havoc AT defuse.ca
 * www: http://crackstation.net/hashing-security.htm
 */
public class PasswordHash
{
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";

    // The following constants may be changed without breaking existing hashes.
    public static final int SALT_BYTE_SIZE = 24;
    public static final int HASH_BYTE_SIZE = 24;
    public static final int PBKDF2_ITERATIONS = 1000;

    public static final int ITERATION_INDEX = 0;
    public static final int SALT_INDEX = 1;
    public static final int PBKDF2_INDEX = 2;

    /**
     * Returns a salted PBKDF2 hash of the password.
     *
     * @param   password    the password to hash
     * @return              a salted PBKDF2 hash of the password
     */
    public static String createHash(String password)
        throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        return createHash(password.toCharArray());
    }

    /**
     * Returns a salted PBKDF2 hash of the password.
     *
     * @param   password    the password to hash
     * @return              a salted PBKDF2 hash of the password
     */
    public static String createHash(char[] password)
        throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        // Generate a random salt
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_BYTE_SIZE];
        random.nextBytes(salt);

        // Hash the password
        byte[] hash = pbkdf2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
        // format iterations:salt:hash
        return PBKDF2_ITERATIONS + ":" + toHex(salt) + ":" +  toHex(hash);
    }

    /**
     * Validates a password using a hash.
     *
     * @param   password        the password to check
     * @param   correctHash     the hash of the valid password
     * @return                  true if the password is correct, false if not
     */
    public static boolean validatePassword(String password, String correctHash)
        throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        return validatePassword(password.toCharArray(), correctHash);
    }

    /**
     * Validates a password using a hash.
     *
     * @param   password        the password to check
     * @param   correctHash     the hash of the valid password
     * @return                  true if the password is correct, false if not
     */
    public static boolean validatePassword(char[] password, String correctHash)
        throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        // Decode the hash into its parameters
        String[] params = correctHash.split(":");
        int iterations = Integer.parseInt(params[ITERATION_INDEX]);
        byte[] salt = fromHex(params[SALT_INDEX]);
        byte[] hash = fromHex(params[PBKDF2_INDEX]);
        // Compute the hash of the provided password, using the same salt, 
        // iteration count, and hash length
        byte[] testHash = pbkdf2(password, salt, iterations, hash.length);
        // Compare the hashes in constant time. The password is correct if
        // both hashes match.
        return slowEquals(hash, testHash);
    }

    /**
     * Compares two byte arrays in length-constant time. This comparison method
     * is used so that password hashes cannot be extracted from an on-line 
     * system using a timing attack and then attacked off-line.
     * 
     * @param   a       the first byte array
     * @param   b       the second byte array 
     * @return          true if both byte arrays are the same, false if not
     */
    private static boolean slowEquals(byte[] a, byte[] b)
    {
        int diff = a.length ^ b.length;
        for(int i = 0; i < a.length && i < b.length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }

    /**
     *  Computes the PBKDF2 hash of a password.
     *
     * @param   password    the password to hash.
     * @param   salt        the salt
     * @param   iterations  the iteration count (slowness factor)
     * @param   bytes       the length of the hash to compute in bytes
     * @return              the PBKDF2 hash of the password
     */
    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes)
        throws NoSuchAlgorithmException, InvalidKeySpecException
    {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8);
        SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        return skf.generateSecret(spec).getEncoded();
    }

    /**
     * Converts a string of hexadecimal characters into a byte array.
     *
     * @param   hex         the hex string
     * @return              the hex string decoded into a byte array
     */
    private static byte[] fromHex(String hex)
    {
        byte[] binary = new byte[hex.length() / 2];
        for(int i = 0; i < binary.length; i++)
        {
            binary[i] = (byte)Integer.parseInt(hex.substring(2*i, 2*i+2), 16);
        }
        return binary;
    }

    /**
     * Converts a byte array into a hexadecimal string.
     *
     * @param   array       the byte array to convert
     * @return              a length*2 character string encoding the byte array
     */
    private static String toHex(byte[] array)
    {
        BigInteger bi = new BigInteger(1, array);
        String hex = bi.toString(16);
        int paddingLength = (array.length * 2) - hex.length();
        if(paddingLength > 0)
            return String.format("%0" + paddingLength + "d", 0) + hex;
        else
            return hex;
    }

    /**
     * Tests the basic functionality of the PasswordHash class
     *
     * @param   args        ignored
     */
    public static void main(String[] args)
    {
        try
        {
            // Print out 10 hashes
            for(int i = 0; i < 10; i++)
                System.out.println(PasswordHash.createHash("p\r\nassw0Rd!"));

            // Test password validation
            boolean failure = false;
            System.out.println("Running tests...");
            for(int i = 0; i < 100; i++)
            {
                String password = ""+i;
                String hash = createHash(password);
                String secondHash = createHash(password);
                if(hash.equals(secondHash)) {
                    System.out.println("FAILURE: TWO HASHES ARE EQUAL!");
                    failure = true;
                }
                String wrongPassword = ""+(i+1);
                if(validatePassword(wrongPassword, hash)) {
                    System.out.println("FAILURE: WRONG PASSWORD ACCEPTED!");
                    failure = true;
                }
                if(!validatePassword(password, hash)) {
                    System.out.println("FAILURE: GOOD PASSWORD NOT ACCEPTED!");
                    failure = true;
                }
            }
            if(failure)
                System.out.println("TESTS FAILED!");
            else
                System.out.println("TESTS PASSED!");
        }
        catch(Exception ex)
        {
            System.out.println("ERROR: " + ex);
        }
    }

}

ASP.NET (C#) Password Hashing Code


The following code is a secure implementation of salted hashing in C# for ASP.NET. It is in the


If you need compatible PHP and C# implementations, see here.

/* 
 * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
 * Copyright (c) 2013, Taylor Hornby
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, 
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation 
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 * POSSIBILITY OF SUCH DAMAGE.
 */

using System;
using System.Text;
using System.Security.Cryptography;

namespace PasswordHash
{
    /// <summary>
    /// Salted password hashing with PBKDF2-SHA1.
    /// Author: havoc AT defuse.ca
    /// www: http://crackstation.net/hashing-security.htm
    /// Compatibility: .NET 3.0 and later.
    /// </summary>
    public class PasswordHash
    {
        // The following constants may be changed without breaking existing hashes.
        public const int SALT_BYTE_SIZE = 24;
        public const int HASH_BYTE_SIZE = 24;
        public const int PBKDF2_ITERATIONS = 1000;

        public const int ITERATION_INDEX = 0;
        public const int SALT_INDEX = 1;
        public const int PBKDF2_INDEX = 2;

        /// <summary>
        /// Creates a salted PBKDF2 hash of the password.
        /// </summary>
        /// <param name="password">The password to hash.</param>
        /// <returns>The hash of the password.</returns>
        public static string CreateHash(string password)
        {
            // Generate a random salt
            RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
            byte[] salt = new byte[SALT_BYTE_SIZE];
            csprng.GetBytes(salt);

            // Hash the password and encode the parameters
            byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
            return PBKDF2_ITERATIONS + ":" +
                Convert.ToBase64String(salt) + ":" +
                Convert.ToBase64String(hash);
        }

        /// <summary>
        /// Validates a password given a hash of the correct one.
        /// </summary>
        /// <param name="password">The password to check.</param>
        /// <param name="correctHash">A hash of the correct password.</param>
        /// <returns>True if the password is correct. False otherwise.</returns>
        public static bool ValidatePassword(string password, string correctHash)
        {
            // Extract the parameters from the hash
            char[] delimiter = { ':' };
            string[] split = correctHash.Split(delimiter);
            int iterations = Int32.Parse(split[ITERATION_INDEX]);
            byte[] salt = Convert.FromBase64String(split[SALT_INDEX]);
            byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]);

            byte[] testHash = PBKDF2(password, salt, iterations, hash.Length);
            return SlowEquals(hash, testHash);
        }

        /// <summary>
        /// Compares two byte arrays in length-constant time. This comparison
        /// method is used so that password hashes cannot be extracted from
        /// on-line systems using a timing attack and then attacked off-line.
        /// </summary>
        /// <param name="a">The first byte array.</param>
        /// <param name="b">The second byte array.</param>
        /// <returns>True if both byte arrays are equal. False otherwise.</returns>
        private static bool SlowEquals(byte[] a, byte[] b)
        {
            uint diff = (uint)a.Length ^ (uint)b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++)
                diff |= (uint)(a[i] ^ b[i]);
            return diff == 0;
        }

        /// <summary>
        /// Computes the PBKDF2-SHA1 hash of a password.
        /// </summary>
        /// <param name="password">The password to hash.</param>
        /// <param name="salt">The salt.</param>
        /// <param name="iterations">The PBKDF2 iteration count.</param>
        /// <param name="outputBytes">The length of the hash to generate, in bytes.</param>
        /// <returns>A hash of the password.</returns>
        private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes)
        {
            Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt);
            pbkdf2.IterationCount = iterations;
            return pbkdf2.GetBytes(outputBytes);
        }
    }
}

Ruby (on Rails) Password Hashing Code


The following is a secure implementation of salted PBKDF2 password hashing in Ruby. The code is


# Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
# Copyright (c) 2013, Taylor Hornby
# All rights reserved.
# 
# Redistribution and use in source and binary forms, with or without 
# modification, are permitted provided that the following conditions are met:
# 
# 1. Redistributions of source code must retain the above copyright notice, 
# this list of conditions and the following disclaimer.
# 
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation 
# and/or other materials provided with the distribution.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
# POSSIBILITY OF SUCH DAMAGE.

require 'securerandom'
require 'openssl'
require 'base64'

# Salted password hashing with PBKDF2-SHA1.
# Authors: @RedragonX (dicesoft.net), havoc AT defuse.ca 
# www: http://crackstation.net/hashing-security.htm
module PasswordHash

  # The following constants can be changed without breaking existing hashes.
  PBKDF2_ITERATIONS = 1000
  SALT_BYTE_SIZE = 24
  HASH_BYTE_SIZE = 24

  HASH_SECTIONS = 4
  SECTION_DELIMITER = ':'
  ITERATIONS_INDEX = 1
  SALT_INDEX = 2
  HASH_INDEX = 3

  # Returns a salted PBKDF2 hash of the password.
  def self.createHash( password )
    salt = SecureRandom.base64( SALT_BYTE_SIZE )
    pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac_sha1(
      password,
      salt,
      PBKDF2_ITERATIONS,
      HASH_BYTE_SIZE
    )
    # strict_encode64 avoids the line breaks that encode64 appends to its output.
    return ["sha1", PBKDF2_ITERATIONS, salt, Base64.strict_encode64( pbkdf2 )].join( SECTION_DELIMITER )
  end

  # Checks if a password is correct given a hash of the correct one.
  # correctHash must be a hash string generated with createHash.
  def self.validatePassword( password, correctHash )
    params = correctHash.split( SECTION_DELIMITER )
    return false if params.length != HASH_SECTIONS

    pbkdf2 = Base64.decode64( params[HASH_INDEX] )
    testHash = OpenSSL::PKCS5::pbkdf2_hmac_sha1(
      password,
      params[SALT_INDEX],
      params[ITERATIONS_INDEX].to_i,
      pbkdf2.length
    )

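    # Compare in length-constant time (like slow_equals in the PHP version), not with ==.
    diff = pbkdf2.bytesize ^ testHash.bytesize
    pbkdf2.bytes.zip( testHash.bytes ) { |a, b| diff |= a ^ b.to_i }
    return diff == 0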
  end

  # Run tests to ensure the module is functioning properly.
  # Returns true if all tests succeed, false if not.
  def self.runSelfTests
    puts "Sample hashes:"
    3.times { puts createHash("password") }

    puts "\nRunning self tests..."
    @@allPass = true

    correctPassword = 'aaaaaaaaaa'
    wrongPassword = 'aaaaaaaaab'
    hash = createHash(correctPassword)

    assert( validatePassword( correctPassword, hash ) == true, "correct password" )
    assert( validatePassword( wrongPassword, hash ) == false, "wrong password" )

    h1 = hash.split( SECTION_DELIMITER )
    h2 = createHash( correctPassword ).split( SECTION_DELIMITER )
    assert( h1[HASH_INDEX] != h2[HASH_INDEX], "different hashes" )
    assert( h1[SALT_INDEX] != h2[SALT_INDEX], "different salt" )

    if @@allPass
      puts "*** ALL TESTS PASS ***"
    else
      puts "*** FAILURES ***"
    end

    return @@allPass
  end

  def self.assert( truth, msg )
    if truth
      puts "PASS [#{msg}]"
    else
      puts "FAIL [#{msg}]"
      @@allPass = false
    end
  end

end

PasswordHash.runSelfTests
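
Because every stored string carries its own iteration count (`sha1:iterations:salt:hash`), old records keep validating after the constant is raised, and they can be re-hashed at the next successful login. The following is an added example, not part of the original page or its author's code, showing that upgrade path in Ruby. The module name `HashUpgrade`, the target of 100,000 iterations and the bound on the iteration field are assumptions made for the example.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

# Added example; HashUpgrade and its constants are hypothetical names.
module HashUpgrade
  DELIM = ':'
  TARGET_ITERATIONS = 100_000 # assumed policy value, not taken from the page
  SALT_BYTES = 24
  HASH_BYTES = 24

  # Builds "sha1:iterations:salt:hash", the same layout createHash uses.
  def self.create(password, iterations = TARGET_ITERATIONS)
    salt = SecureRandom.base64(SALT_BYTES)
    dk = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, iterations, HASH_BYTES)
    ['sha1', iterations, salt, Base64.strict_encode64(dk)].join(DELIM)
  end

  # Length-constant comparison of two binary strings.
  def self.slow_equals(a, b)
    diff = a.bytesize ^ b.bytesize
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y.to_i }
    diff.zero?
  end

  # Returns [ok, replacement]. replacement is a new hash string when the
  # password was correct but the record used fewer iterations than the
  # current target; the caller stores it in place of the old record.
  def self.verify_and_upgrade(password, stored)
    parts = stored.split(DELIM)
    return [false, nil] unless parts.length == 4 && parts[0] == 'sha1'
    # Reject zero, negative, non-numeric or absurdly large iteration fields.
    return [false, nil] unless parts[1].match?(/\A[1-9]\d{0,8}\z/)

    iterations = parts[1].to_i
    expected = Base64.decode64(parts[3])
    return [false, nil] if expected.empty?

    actual = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
      password, parts[2], iterations, expected.bytesize
    )
    return [false, nil] unless slow_equals(expected, actual)

    [true, iterations < TARGET_ITERATIONS ? create(password) : nil]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a record written back when the constant was 1000.
  legacy = HashUpgrade.create('p4ssw0rd!', 1000)
  ok, replacement = HashUpgrade.verify_and_upgrade('p4ssw0rd!', legacy)
  puts "login ok: #{ok}"
  puts "old record: #{legacy}"
  puts "new record: #{replacement}"
end
```

The plaintext password is only available during login, which is why the re-hash happens inside the verification path rather than as a batch job over the database.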