this post was submitted on 17 Jul 2023
401 points (89.1% liked)
Programmer Humor
32443 readers
946 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Additional to what others have said: The "salted" part is very relevant for storing.
There aren't soooo many different hashing algorithms people use. So, let's simplify the hashing again with the crossfoot example.
Let's say, 60% of websites use this one algorithm (crossfoot) for storing your password, and someone steals the password "hashes" (and the login / email). I could ran a program that creates me a list of all possible crossfoots for all numbers for 1 to 100000.
This would give me an easy lookup table for finding the "real" number behind those hashes. (Those tables exists. Look up "rainbow tables")
Buuuut what if I use a little bit of salt (and pepper pepper pepper) before doing my hashing / crossfooting?
Let's use the pw "69" again and use a salt with a random number "420" and add them all together:
6 + 9 + 420 = 435
This hash wouldn't be in my previous mentioned lookup table. Use different salts for every user and at least the lookup problem isn't such a big problem anymore.
This was super helpful ๐๐ผ sent me down a whole other rabbit hole of learning