(March 28, 2012 at 4:47 pm) Doubting Thomas Wrote: OK, I guess I'm not up on what exactly a "hash" is.
Passwords are typically stored as a "hash", which is a one-way cryptographic algorithm that takes a set of data (such as a password) and creates what is essentially a "fingerprint" of the data. This operation is one way - the hash can be derived from the plain text, but the plain text cannot (easily) be derived from the hash. In theory, a good hashing algorithm will produce a unique hash for every unique input plain text.
A user-entered password can be compared against a stored hashed password by hashing the user input using the same algorithm used to hash the stored passwords and comparing the hashes.
One weakness of hashed passwords is that if the password hash is known (by compromising the password storage mechanism), that hash can be compared against a pre-generated "rainbow table" (a dictionary of plain text phrases and their hash equivalent).