When a user creates a new account by signing up, the password they provide is not stored directly in the database. Instead, the password is passed through a hash function. This hash function converts the original password into a unique string (hash). The hash value is then stored in the server, not the actual password.
Later, when the user attempts to log in, they enter the same password. This entered password is passed through the same hash function, and the resulting hash is compared with the hash stored in the server. If both hash values match, it indicates that the password entered by the user is correct. This is because hash functions always generate the same output for the same input, ensuring consistency. If the hash values do not match, the login will be rejected.
By using hashing, passwords are stored securely without being saved in plain text, which increases security. Even if hackers gain access to the database, they will only have the hash values, not the actual passwords. This process is a vital part of securing sensitive information and ensuring user privacy.
Additional Use Cases of Hashing
Hashing is not only used for password storage but also plays a crucial role in ensuring data integrity in various systems. For example, when files are uploaded to the internet, the hash value of the file is created and uploaded alongside the actual data. When a new user downloads the file, they can use the same hash function to calculate the digest of the downloaded file. Then, the hash values are compared. If they match, it ensures the file's integrity has been maintained and no data corruption has occurred.
This method is used to ensure the accuracy and security of files, so that no changes or corruption occur to the file during transmission or storage.
Top comments (1)
Just read the most useful cheat sheet from OWASP cheatsheetseries.owasp.org/cheatsh...
TLDR:
hashFunction( password + userid, 1_000_000 iterations + 1_000_000 % password.shortHash())And how to guess hashes: hashcat.net/hashcat/ + rainbow tables