Comments
-
@craig939393 The point is passwords should be encrypted one way so they can't be decrypted.
-
Crost40749y
ahhh. thanks for the helpful answer.
what confuses me then, is if you use random number generation to hash a password, surely you need to unhash it to login and check that password against the database?
sorry for hijacking this xD
-
kheftel6529y
@craig939393 no, no problem, happy to help!
Here's how it works - when you type in a password on a website, the server hashes it with the same algorithm and compares it to the hashed password in their database. if the hashes match, you're allowed in. They never have to touch the plaintext password after signup. AND if (when) they get breached and the hackers get a database dump, they can't just grab all the passwords at once.
-
kheftel6529y
hopefully they use a salt and an expensive (i.e. slow) hashing function like bcrypt and even if the hackers have the database, they have to brute-force each password individually, and it is a slow process requiring lots of hardware.
-
Crost40749y
I understand now. by touching the password in the database you invite trouble. thanks man.
-
Bastian2179y
@kheftel
Great tool, some guy in here told me about it, can't remember who, but it is nice ! I think it has some plugin that checks the site you visit in the registry of offenders as well 😃
-
What if the hash just looks like plain text? =)
Besides, secure servers. No breach possible. Lol.
A website just emailed me my forgotten password in PLAINTEXT.
I'm out of breath from running for the hills so fast.
nope nope nope nope nope