-
February 24th, 2005, 04:20 PM
#1
Member
Password Hashes
Hi guyz
I have a question:
what are password hashes?
I always hear about those as well as hash tables. I asked about it at www.programmingforums.org but I didn't really understand!
-
February 24th, 2005, 04:27 PM
#2
A password hash is the result of the password being passed through an algorithm. It's not the encrypted password but rather a result of it.
e.g.,
In a simplistic view, if my password is 6 and the algorithm is "adding two numbers" with a key of 7 then the hash is 13. And as long as I put in 6 the resultant should always be 13. It is the hash that gets compared (say in the /etc/shadow file).
Now, to avoid getting the same hash if people use the same password we add what is often referred to as a "salt", a piece of unique data. Say, the day, month and year an account was created. So, if we took today's date (24022005) and used it in the algorithm then the hash would be:
(6 + 24022005) + 7 = 24022018
If another user is using 6 as their password but their account was created on 24022004 their hash would be: 24022017.
Keep in mind this is a very simplistic view. The salt needs to be more unique than this as many accounts could be created on the same day so you could go as far as to have user name, time, random key generations, etc.
Hope that helps.
-
February 24th, 2005, 04:27 PM
#3
Hashes are a cryptographic method of providing a one-way encoding of information which yields a hash value of the original value. This hash value can only be recreated using the exact same information again, and it is impossible to retrieve the original information from the hash. The strength of the hash algorithm lies in these facts.
This makes hashes perfect for encoding passwords for storage, as to check a password, the hashes are calculated and compared, rather than the plain password.
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster
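The salted store-and-compare flow described in the two replies above, as an added example that is not part of the original thread. It swaps the toy addition for PBKDF2-HMAC-SHA256 from Python's standard library; the record layout, function names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # label for this example's record format (constructed)
ITERATIONS = 600_000     # assumed work factor; tune for your hardware


def make_record(password, salt=None):
    """Hash a password with a per-account random salt; return a storable record."""
    if salt is None:
        salt = os.urandom(16)          # unique per account, not secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # The salt is stored next to the hash so the check can repeat the computation.
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(record, attempt):
    """Recompute the hash from the attempt and the stored salt, then compare."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False                   # malformed record: fail closed
    if algo != ALGO or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


if __name__ == "__main__":
    # Two accounts with the same password "6", as in the reply above.
    alice, bob = make_record("6"), make_record("6")
    print(alice != bob)                  # different salts, different records
    print(check_password(alice, "6"))    # correct password
    print(check_password(alice, "7"))    # wrong password
```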
-
February 24th, 2005, 04:36 PM
#4
Member
I'm starting to get the issue, thanx guys
but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???
-
February 24th, 2005, 04:40 PM
#5
but what do you mean MsMittens : adding "adding two numbers" with a key of 7 ???
It's just a simplistic example. The algorithms used are usually a lot more complicated. For the purposes of a simple example I said the algorithm was to add two numbers together (one is the key and one is the data/password).
-
February 24th, 2005, 04:44 PM
#6
For an easy-to-understand version of password hashes and how they are used, look into:
http://www.nmrc.org/pub/faq/hackfaq/hackfaq-04.html
"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
- Charles Darwin
-
February 24th, 2005, 04:45 PM
#7
Member
oh ok thanx, things cleared !
-
February 24th, 2005, 05:10 PM
#8
Hashing Unleashed
Think of it this way:
You encrypt the password "enter". The encrypted result is "a5jjdkei9kd(". Note, that was completely random. Now, that encrypted result is the hash....it cannot be unencrypted, or so the theory goes.
When you try to log on to a system, it encrypts what you give as a password, and compares that hash to the hash stored on the system. If they're the same, you're all set.
Now, what's hard about hashing algorithms is something called collisions. Collisions happen when two different passwords create the same algorithm, this is a major vulnerability.
Hope this helped.
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
February 24th, 2005, 05:43 PM
#9
I'm a pundit because I say I am!
OK, lemme weigh in on this.
Dia_Byte, in a simplistic view you can equate the word 'algorithm' with 'equation', or even more simplistically, 'process'.
MsMittens was saying the algorithm is "take their password and add the value 7". Or algebraically:
X + 7 = HASH
There's much more to hashing and one-way hashes, but it sounds like you're on track.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 27th, 2005, 05:33 PM
#10
Member
OK then the hash is the encrypted result ?
like : "enter" -> a5jjdkei9kd(