Password Hashes

Thread: Password Hashes

  1. #1
    Member
    Join Date
    Oct 2004
    Posts
    45

    Password Hashes

    Hi guyz

    i have a question,
    what are password hashes ?

    i always hear about those as well as hash tables, i asked about it in www.programmingforums.org but i didn't really understand !
    www.geocities.com/dia_byte0

    No To 1559 !


  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    A password hash is the result of the password being passed through an algorithm. It's not the encrypted password but rather a result of it.

    e.g.,

    In a simplistic view, if my password is 6 and the algorithm is "adding two numbers" with a key of 7 then the hash is 13. And as long as I put in 6 the resultant should always be 13. It is the hash that gets compared (say in the /etc/shadow file).

    Now, to avoid getting the same hash if people use the same password we add what is often referred to as a "salt", a piece of unique data. Say, the day, month and year an account was created. So, if we took today's date (24022005) and used it in the algorithm then the hash would be:

    (6 + 24022005) + 7 = 24022018
    If another user is using 6 as their password but their account was created on 24022004 their hash would be: 24022017.

    Keep in mind this is a very simplistic view. The salt needs to be more unique than this as many accounts could be created on the same day so you could go as far as to have user name, time, random key generations, etc.

    Hope that helps.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Hashes are a cryptographic method of providing a one-way encoding of information which yields a hash value of the original value. This hash value can only be recreated using the exact same information again, and it is impossible to retrieve the original information from the hash. The strength of the hash algorithm lies in these facts.

    This makes hashes perfect for encoding passwords for storage, as to check a password, the hashes are calculated and compared, rather than the plain password.
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  4. #4
    Member
    Join Date
    Oct 2004
    Posts
    45
    i'm starting to get the issue, thanx guys

    but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???
    It's just a simplistic example. The algorithms used are usually a lot more complicated. For the purposes of a simple example I said the algorithm was to add two numbers together (one is the key and one is the data/password).

  6. #6
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    For an easy-to-understand version of password hashes and how they are used, look into:

    http://www.nmrc.org/pub/faq/hackfaq/hackfaq-04.html
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  7. #7
    Member
    Join Date
    Oct 2004
    Posts
    45
    oh ok thanx, things cleared !

  8. #8
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351

    Hashing Unleashed

    Think of it this way:
    You encrypt the password "enter". The encrypted result is "a5jjdkei9kd(". Note, that was completely random. Now, that encrypted result is the hash....it cannot be unencrypted, or so the theory goes.
    When you try to log on to a system, it encrypts what you give as a password, and compares that hash to the hash stored on the system. If they're the same, you're all set.
    Now, what's hard about hashing algorithms is something called collisions. Collisions happen when two different passwords create the same algorithm, this is a major vulnerability.

    Hope this helped.

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  9. #9
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    I'm a pundit because I say I am!

    OK, lemme weigh in on this.

    Dia_Byte, in a simplistic view you can equate the word 'algorithm' with 'equation', or even more simplistically, 'process'.

    MsMittens was saying the algorithm is "take their password and add the value 7". Or algebraically:
    X + 7 = HASH

    There's much more to hashing and one-way hashes, but it sounds like you're on track.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  10. #10
    Member
    Join Date
    Oct 2004
    Posts
    45
    OK then the hash is the encrypted result ?

    like : "enter" -> a5jjdkei9kd(
