Hi guyz

i have a question,

I always hear about those as well as hash tables, I asked about it in www.programmingforums.org but I didn't really understand !

2. A password hash is the result of the password being passed through an algorithm. It's not the encrypted password but rather a result of it.

e.g.,

In a simplistic view, if my password is 6 and the algorithm is "adding two numbers" with a key of 7 then the hash is 13. And as long as I put in 6 the resultant should always be 13. It is the hash that gets compared (say in the /etc/shadow file).

Now, to avoid getting the same hash if people use the same password we add what is often referred to as a "salt", a piece of unique data. Say, the day, month and year an account was created. So, if we took today's date (24022005) and used it in the algorithm then the hash would be:

(6 + 24022005) + 7 = 24022018
If another user is using 6 as their password but their account was created on 24022004 their hash would be: 24022017.

Keep in mind this is a very simplistic view. The salt needs to be more unique than this as many accounts could be created on the same day so you could go as far as to have user name, time, random key generations, etc.

Hope that helps.

3. Hashes are a cryptographic method of providing a one-way encoding of information which yields a hash value of the original value. This hash value can only be recreated using the exact same information again, and it is impossible to retrieve the original information from the hash. The strength of the hash algorithm lies in these facts.

This makes hashes perfect for encoding passwords for storage, as to check a password, the hashes are calculated and compared, rather than the plain password.
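The simplified arithmetic from post 2 next to a real salted one-way hash checked the way post 3 describes, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256, the iteration count and all function names are choices made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def toy_hash(password: int, salt: int, key: int = 7) -> int:
    """The thread's simplified scheme: (password + salt) + key."""
    return (password + salt) + key


def toy_invert(hash_value: int, salt: int, key: int = 7) -> int:
    """Addition can be undone by subtraction, so the toy scheme is not one-way."""
    return hash_value - key - salt


def make_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash), the two values a login system stores per account."""
    if salt is None:
        salt = os.urandom(16)  # random per-account salt instead of a creation date
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_password(attempt: str, salt: bytes, stored: bytes) -> bool:
    """Hash the attempt with the stored salt and compare hashes, not passwords."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


if __name__ == "__main__":
    # The numbers from post 2: same password, different salt, different hash.
    print(toy_hash(6, 24022005), toy_hash(6, 24022004))
    # The toy scheme gives the password back when the hash is known.
    print(toy_invert(24022018, 24022005))
    # Two accounts with the same (constructed) password get different records.
    salt_a, hash_a = make_record("enter")
    salt_b, hash_b = make_record("enter")
    print(hash_a != hash_b)
    print(check_password("enter", salt_a, hash_a))
    print(check_password("Enter", salt_a, hash_a))
```
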

4. i'm starting to get the issue, thanx guys

but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???

5. but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???
It's just a simplistic example. The algorithms used are usually a lot more complicated. For the purposes of a simple example I said the algorithm was to add two numbers together (one is the key and one is the data/password).

6. For an easy-to-understand version of password hashes and how they are used, look into:

http://www.nmrc.org/pub/faq/hackfaq/hackfaq-04.html

7. oh ok thanx, things cleared !

8. ## Hashing Unleashed

Think of it this way:
You encrypt the password "enter". The encrypted result is "a5jjdkei9kd(". Note, that was completely random. Now, that encrypted result is the hash....it cannot be unencrypted, or so the theory goes.
When you try to log on to a system, it encrypts what you give as a password, and compares that hash to the hash stored on the system. If they're the same, you're all set.
Now, what's hard about hashing algorithms is something called collisions. Collisions happen when two different passwords create the same algorithm, this is a major vulnerability.

Hope this helped.

A_T

9. ## I'm a pundit because I say I am!

OK, lemme weigh in on this.

Dia_Byte, in a simplistic view you can equate the word 'algorithm' with 'equation', or even more simplistically, 'process'.

MsMittens was saying the algorithm is "take their password and add the value 7". Or algebraically:
X + 7 = HASH

There's much more to hashing and one-way hashes, but it sounds like you're on track.

10. OK then the hash is the encrypted result ?

like : "enter" -> a5jjdkei9kd(
