this post was submitted on 23 Sep 2023
1248 points (98.2% liked)

Comic Strips

12933 readers
2416 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] tillary 1 points 1 year ago* (last edited 1 year ago)

That's correct, let's say a database was breached and the hacker has every user and their password hashes. They can login with [email protected] with password "password123" and see if the generated hash matches any other user's password hash. If so, they might be able to hack many accounts with the same password or even reverse engineer and decrypt every other password.

Developers can make the hash more secure by adding arbitrary characters to the password (aka a salt), and this becomes the site's "authentication algorithm". But if the hashes are stolen, it may be a matter of time before the algorithm is figured out, which leads to updates, which leads to your pre-existing hash no longer matching.