Just how do passwords work? Perhaps the average user hasn’t given it much thought, however the password has to be digitally stored somewhere within a computer system so that the password-protected program can check the entered password against the correct one. Obviously, this can cause security issues. If the password is stored on a computer or in a database for a company, what will stop a person from simply searching for the file in which the password is stored and reading it?
This solution to this problem is hashing. Hashing uses a mathematical formula to convert the original password into something that is impossible to read by a human. This formula is designed so that it is a one-way process. A password can be converted into a hash but it is almost impossible to convert a hash back into the password. This leads us to another problem. If the hash cannot be converted into a password, how does the program verify the password entered? It doesn’t actually compare the passwords, it compares the hash to the passwords. If the two hashes don’t match, then the password was incorrect. However, this leads us to yet another problem. Certain mathematical formulas can give the same hash value for two completely different passwords. Therefore, before the mathematical formula is used, a formal proof is necessary to ensure that it will produce a different hash for every single password. Once hashing is implemented, even if someone is able to obtain the list of hashes they will not be able to extract the actual passwords.
No comments:
Post a Comment