teach-ict.com: THE education site for computer science and ICT

3. Hashing passwords

Hashing is a useful tool for keeping passwords more secure.

Instead of storing the password itself, a login system may store the hash of the password, like this:

[Image: hash picture]

Anyone viewing the password table in the database (for example, a help desk operator) will not know what the actual password is.

When the user logs in with their password, a hash is calculated and compared with the stored hash. If they match, the password is correct.

The method is not completely secure as there are cracking methods to work out the original password, but it is a good general approach.

Using hashes, it is possible to set up a system where only the user themselves knows their password.
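The store-and-compare login check described above, as an added example that is not part of the original page. It goes one step beyond a plain hash by using a per-user random salt and the deliberately slow PBKDF2 function, which makes the cracking methods mentioned above more expensive; the function names, table layout and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; higher is slower to crack.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record a login table stores instead of the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Hash the login attempt the same way and compare with the stored hash."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def register(table: dict, username: str, password: str) -> None:
    """Store only the salted hash record; the password itself is discarded."""
    table[username] = hash_password(password)


def login(table: dict, username: str, password: str) -> bool:
    """Return True only if the user exists and the recomputed hash matches."""
    record = table.get(username)
    return record is not None and verify_password(password, record)


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for the password table
    register(users, "alice", "correct horse")
    print(users["alice"])  # what a help desk operator would see
    print(login(users, "alice", "correct horse"), login(users, "alice", "guess"))
```

Because each user gets a different salt, two users with the same password end up with different stored hashes.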

 

Quite often a system will use the person's email address as the user name. In that case, the same method can be used to authenticate the email address: just store the hash of the original email address and compare any later entries with it.

Challenge: see if you can find out one extra fact on this topic that we haven't already told you.

Click on this link: Hashing passwords