We simply cannot store a password in the database as it is because that is unsafe. If we do so, an attacker who somehow has gained access to the database can access all the passwords stored. So, instead, we use a cryptographic hash function to create digests of passwords and then store them. So, even if an attacker manages to gain access to the database, he can access only the digests of passwords and not the actual passwords.
What is a cryptographic hash function?
A cryptographic hash function is a function that takes a message as input and converts it into a digest such that:
- It is easy to compute the digest from the original message
- It is extremely difficult to compute the original message from the hashed message digest.
- It is computationally infeasible to modify a message without changing the resultant hash.
- It is computationally infeasible to find two messages with the same hashed message digest.
While no ideal hash function exists, there are quite a number of cryptographic hash functions that are good enough to solve our purpose. Some widely used, well-known cryptographic hash functions are:
- Hashed Message Authentication Code or HMAC
- Message Digest 2 or MD2
- Message Digest 4 or MD4
- Message Digest 5 or MD5
- Secure Hash Algorithm or SHA
We use these cryptographic hash functions in many places. One of the most common examples is storing passwords. If passwords are not hashed and stored as simple texts on the server, then the passwords can get compromised easily if someone hacks the server.
What is a Rainbow table, and how is it used in hacking passwords?
For a given widely used, well-known cryptographic hash function, it is computationally infeasible to compute the original message back from the hashed message digest. So, hackers sometimes use a brute force method for hacking passwords. They maintain a table in their computers which contains a number of pairs …
0 Comments