Whenever you log in, your email provider doesn’t store the plain text password, all they need is the hash. Hashing ensures that the data is stored in a scrambled state, so it’s harder to steal. Remember, hashes are irreversible so it’s impossible for the hacker to figure out what the actual password is just by looking at the hash. Even if a hacker breaks into the system, they won’t have access to actual passwords, just the hashes. This is definitely not good for users who use the same password for multiple websites!īy hashing a password, the company protects user information. If actual passwords are stored, and hackers get into their system, they can steal them. Let’s see why they do NOT save your actual password… Only when the two hashes match are you authorized to access your email. Instead, your email provider runs the password through a hash function and saves the hash of your password.Įvery time you attempt to log in to your email account, your email provider hashes the password YOU enter and compares this hash to the hash it has saved. When you create an email address and password, your email provider likely does not save your actual password. This might surprise you, but you probably encounter hashing in your daily life….whenever you log in to check your email. ![]() Real-World Example of Hashing: Online Passwords How the hash stays protected during transit will be covered in a later lesson. *Technically, before I send you the hash, it should be protected in some way, but I wanted to keep the example simple. Of course, in the real world, it is our computers that do all this for us.Īnd hopefully, you keep your armpits smelling fresh. The message has not been deliberately altered by someone between me sending it to you and you receiving it.If both hash values are the same, then this proves that: You then compare your hash versus the hash that came before the text message. So you run the message through the same hash function. Once you receive my message, you think, “WTF? Did he really just say that to me? Or was the message intercepted during transit and the original message was altered?” So I want to send you a message, “ Please wear deodorant.”īut before I send this, I run it through a hash function (SHA-256). While your personality was really nice, your smell was not nice at all. ![]() Using a very simple example, let’s say we’re about to meet up for lunch, and right before I head out the door, I remember our last time together… If I post both the message and the hash value I generated from it, you can generate a hash value from the message that you received and compare the hash values. ![]() The hash value of received data can be compared to the hash value of data before it was sent to determine whether the data was altered. Data integrity just means that the data has not been altered in an unapproved way. This makes a hash useful for verifying the integrity of data sent through insecure communication channels like the internet. Since the hash generated is UNIQUE to the input data, it acts as a unique “ fingerprint” of the input data. The main purpose of hashing is to verify the integrity of a piece of data.
0 Comments
Leave a Reply. |