RE: On Password Strength
March 28, 2012 at 4:59 pm
(This post was last modified: March 28, 2012 at 5:01 pm by Tiberius.)
A hash is how a lot of sites store your password in their databases. Instead of storing the password as plaintext, or encrypting it, they will apply a hash function that transforms the password into a certain value.
Hash functions (like MD5, SHA, etc.) have the property of being non-reversible; that is, you can calculate the hash of a password, but it is very hard to calculate the password from the hash.
For instance, this is easy:
MD5("password") = 5f4dcc3b5aa765d61d8327deb882cf99
This is not:
unMD5("8500f5f9f0043dec7f9725a214e8a8c2") = ...???
(March 28, 2012 at 4:57 pm)Cthulhu Dreaming Wrote: One weakness of hashed passwords is that if the password hash is known (by compromising the password storage mechanism), that hash can be compared against a pre-generated "rainbow table" (a dictionary of plain text phrases and their hash equivalent).
That is why we use salts.
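
An added example (not part of the original post) of the effect described above: a precomputed table recovers an unsalted MD5 hash with a single lookup, but misses the same password once it is stored with a random per-user salt. The function names, the four-word list and the 16-byte salt length are assumptions made for illustration; MD5 is used only to match the post's own example.

```python
import hashlib
import hmac
import os

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

# Constructed sample word list standing in for the input of a precomputed table.
COMMON = ["123456", "password", "letmein", "qwerty"]

def build_table(words):
    """Computed once, then reusable against every unsalted MD5 password store."""
    return {md5_hex(w.encode()): w for w in words}

def lookup(table, stored_hash):
    """Return the plaintext if the stored hash is in the table, else None."""
    return table.get(stored_hash)

def store_unsalted(password):
    return md5_hex(password.encode())

def store_salted(password, salt=None):
    """Return (salt, hash). The salt is random per user and kept beside the hash."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16 random bytes per user
    return salt, md5_hex(salt + password.encode())

def verify_salted(password, salt, stored_hash):
    """The site recomputes with the stored salt; comparison is constant-time."""
    return hmac.compare_digest(md5_hex(salt + password.encode()), stored_hash)

if __name__ == "__main__":
    table = build_table(COMMON)

    unsalted = store_unsalted("password")
    print("unsalted:", unsalted, "->", lookup(table, unsalted))

    # Two users with the same password get different salts and different hashes,
    # so one table no longer covers both; each salt would need its own table.
    for user in ("alice", "bob"):
        salt, salted = store_salted("password")
        print(user, salt.hex(), salted, "->", lookup(table, salted))
        print("  login still works:", verify_salted("password", salt, salted))
```
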