this post was submitted on 17 Dec 2025
22 points (100.0% liked)

Explain Like I'm Five

19238 readers
12 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 2 years ago
MODERATORS
sabbah@lemmy.world
AradFort@lemmy.world
rikudou@lemmings.world
Don_Dickle@lemmy.world
Rikudou_Sage@lemmy.world
22
ELI5: How does hashing/encryption algorithms keep your password safe? (lemmy.world)
submitted 1 day ago by Gonzako@lemmy.world to c/explainlikeimfive@lemmy.world
15 comments fedilink hide all child comments
 

I know you gotta store the passwords hashed but doesn't that just move the goalposts? How come someone can't use the hashed end result to get into the service it was used for?

you are viewing a single comment's thread
view the rest of the comments
[–] theit8514@lemmy.world 3 points 1 day ago

One thing not mentioned is that modern password hashing algorithms will iterate your password hundred of thousand of times. This makes cracking the hash much more time intensive. For example if 1 hash takes 1ms (most hash algorithms are way quicker), then 1000 iterations of that means it will take 1 second to compute your hash from the input. The server has to spend that time to validate your password when you login, but that's a small tradeoff to make brute force attempts which will now have to calculate 1000x hashes for each input.

We updated to the NIST recommendation of 600000 iterations a few years ago when it was released, with regular increases every year. Logins take upwards of 5 seconds but it's added security in the event the data is leaked.