this post was submitted on 17 Dec 2025
22 points (100.0% liked)
I know you gotta store the passwords hashed but doesn't that just move the goalposts? How come someone can't use the hashed end result to get into the service it was used for?

jjjalljs@ttrpg.network 3 points 1 day ago (1 children)

Not included in this answer and I'm not fully qualified to talk about: salting.

If you knew the hashing algorithm, you could precompute hashes of all the common passwords. Then when you steal the hashed password data, it's a lot faster to check if any of them are in your list. You can likely find that kind of list online to download.

One defense against this is "salting". The site adds some text to your password before hashing it. So if your password is extremely common, like "password1!", with the added salt the hash on this site will be different. Like maybe it adds the user's uuid, so what gets hashed is "password1!-abcd-123-pretend-this-is-a-uuid". The user doesn't need to know.

Another benefit is that now two passwords that both are "password1!" have different hashes.

I'm not an expert by any means so please someone correct me if anything was wrong there.
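An added example, not from anyone in this thread, that shows the comment's point in code: a precomputed table of common-password hashes matches an unsalted store immediately, while a random per-user salt makes the same "password1!" hash differently for each user and leaves the table useless. It uses SHA-256 only to keep the illustration short (real systems use a deliberately slow password hash such as bcrypt or Argon2); the password list and the two users are constructed.

```python
import hashlib
import secrets

# Constructed stand-in for a downloadable list of common passwords.
COMMON_PASSWORDS = ["123456", "password", "password1!", "qwerty", "letmein"]

def unsalted_hash(password):
    """Hash of the password alone: the same input gives the same output on every site."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    """Hash of salt + password. The salt is per user and stored next to the hash."""
    return hashlib.sha256((salt + ":" + password).encode()).hexdigest()

def build_precomputed_table(passwords):
    """Attacker's one-time work: hash -> password for every common password."""
    return {unsalted_hash(p): p for p in passwords}

def store_unsalted(users):
    """Weak scheme: {user: hash}."""
    return {u: unsalted_hash(p) for u, p in users.items()}

def store_salted(users):
    """Salted scheme: {user: (salt, hash)} with a fresh random salt per user."""
    db = {}
    for u, p in users.items():
        salt = secrets.token_hex(16)  # the user never needs to see this
        db[u] = (salt, salted_hash(p, salt))
    return db

def crack_with_table(stolen_hashes, table):
    """Look up each stolen hash in the precomputed table; returns {user: password} for hits."""
    return {u: table[h] for u, h in stolen_hashes.items() if h in table}

def verify_login(salted_db, user, attempt):
    """Server-side check: re-hash the attempt with the stored salt and compare."""
    salt, stored = salted_db[user]
    return secrets.compare_digest(stored, salted_hash(attempt, salt))

# Constructed users; both picked the same common password.
USERS = {"alice": "password1!", "bob": "password1!"}
TABLE = build_precomputed_table(COMMON_PASSWORDS)
UNSALTED_DB = store_unsalted(USERS)
SALTED_DB = store_salted(USERS)
```

With the unsalted store, `crack_with_table` recovers both passwords from the table alone; with the salted store it recovers none, and the two stored hashes differ even though the passwords are identical.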

sylver_dragon@lemmy.world 4 points 19 hours ago

Thanks for adding that. I mentioned salting in a parenthetical and then completely ignored it. This is a good addendum.