How Hashes work for the encryption of passwords and what a “salt” for the hash is?

A hash is what is created by assigning value to input and the encryption method is what determines what the values are. A salt is adding random input.


A hash is the banana bread. Banana bread can be created in different ways with different ingredients (values), but you always land on banana bread as the result. Now, since various combinations of ingredients will create the same bread (hash), we use salting to add to the recipe so we get chocolate chip banana bread instead (we add a random ingredient to change the result).

Also: remember the ciphers on the back of cereal boxes as a kid? That’s part of hashing.

A hashing algorithm is a program that turns any input into a number. So let’s say we have a hashing algorithm that everyone uses for saving passwords. And this hash says that the number for the password “hunter2” is 45.

Now to save a user’s password we can save 45 instead of hunter2. That way if someone steals our database, they don’t know anybody’s password.

Except what if we are using a hashing algorithm that is really popular? Well, what someone can do is generate a big list of hash values for common passwords, so when they see that the password hash we saved is 45, they can deduce that the password was “hunter2”, and then they can use that password to try other sites, like banking websites for example.

One way we can protect against this kind of attack is by salting the passwords before we apply the hashing algorithm. For example, we could add “eatsglue” to the end of each password before hashing, so when the user says their password is “hunter2”, we add “eatsglue” and hash the whole thing, “hunter2eatsglue”. Then we save that value instead, and maybe it’s 522, instead of 45. So if someone steals our database of hashed passwords, now it’s harder to know what a user’s password really was, and if you want to generate a table of hashed passwords to try to figure it out, you need to know what the salt value is.
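The lookup-table attack and the salting defence described in the answer above, as an added worked example (this code is not from the thread; it is written here for illustration). It replaces the toy numbers 45 and 522 with a real hash function (SHA-256) and a real password-storage function (PBKDF2-HMAC-SHA256 from Python's standard library), and instead of one fixed suffix like “eatsglue” it draws a fresh random salt for every user and stores that salt next to the hash, which is the usual practice. The list of “common passwords” is constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for the "big list of hash values for common passwords"
# that the answer describes an attacker precomputing.
COMMON_PASSWORDS = ["123456", "password", "hunter2", "qwerty", "letmein"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password.

    The same input always yields the same output, so anyone can build a
    table of hash -> password for popular passwords ahead of time.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Precomputed hash -> password table. Only works because nothing varies per user."""
    return {unsalted_hash(p): p for p in candidates}


def recover_from_table(stored_hash: str, table: dict) -> Optional[str]:
    """Look a stolen hash up in the table; returns the password or None."""
    return table.get(stored_hash)


def store_salted(password: str, salt: Optional[bytes] = None,
                 iterations: int = 200_000) -> dict:
    """Record a password with a random per-user salt and a slow KDF.

    The salt is stored in the clear next to the hash: its job is not to be
    secret but to make every user's hash unique, so a single precomputed
    table is useless. The iteration count additionally slows each guess.
    """
    if salt is None:
        salt = os.urandom(16)  # 128 bits of randomness, fresh per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_salted(password: str, record: dict) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    """Run both scenarios and return the observations for inspection."""
    table = build_lookup_table(COMMON_PASSWORDS)

    # Scenario 1: unsalted storage. The stolen hash is in the attacker's table.
    leaked_unsalted = unsalted_hash("hunter2")
    recovered = recover_from_table(leaked_unsalted, table)

    # Scenario 2: salted storage. Two users with the same password get
    # different records, and neither hash appears in the precomputed table.
    rec_a = store_salted("hunter2")
    rec_b = store_salted("hunter2")

    return {
        "unsalted_recovered": recovered,
        "salted_records_differ": rec_a["hash"] != rec_b["hash"],
        "salted_in_table": recover_from_table(rec_a["hash"], table) is not None,
        "login_ok": verify_salted("hunter2", rec_a),
        "wrong_password_rejected": not verify_salted("hunter3", rec_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a per-user salt the attacker who steals the database has to redo the whole guessing effort once per user, against a deliberately slow function, rather than doing one table lookup per stolen hash.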