1. Why Not Store Plaintext Passwords?
- If a database is breached → attackers get direct passwords.
- Users often reuse passwords → one breach compromises multiple accounts.
- ✅ Rule: Never store raw passwords.
2. Hashing
- Hashing = one-way function → converts a password into a fixed-length string.
- Example (MD5):
"password123" → 482c811da5d5b4bc6d497ffa98491e38
- Property: Cannot (easily) reverse back to the original password.
❌ Problem
- Old algorithms like MD5, SHA-1 are:
  - Fast → easy to brute-force.
  - Vulnerable to rainbow tables (precomputed hashes).
3. Salting
- Salt = a random string added to the password before hashing.
- Prevents rainbow table attacks (the same password no longer produces the same hash).
📌 Example:
Password = "password123"
Salt = "XyZ@9#"
Hash(Salt + Password) = 9f8a34b6...
- Even if two users both choose "password123", their stored hashes will differ because each user gets a different salt.
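The two schemes from sections 2 and 3 side by side, as an added example that is not part of the original notes: the unsalted MD5 example, a per-user random salt stored next to the hash, and a small constructed lookup table standing in for a rainbow table. SHA-256 for the salted hash is an assumed choice, since the note does not name one.

```python
import hashlib
import hmac
import secrets

def md5_hash(password: str) -> str:
    """The note's MD5 example: fast, unsalted, and reversible by lookup."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: str = "") -> str:
    """Hash(salt + password) as in the note. SHA-256 is an assumed choice;
    an empty salt gives the unsalted case for comparison."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()

def store_password(password: str) -> dict:
    """Per-user record. The salt is not secret, but it must be stored next
    to the hash, or the password can never be verified again."""
    salt = secrets.token_hex(16)  # CSPRNG; not the random module
    return {"salt": salt, "hash": hash_password(password, salt)}

def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt; constant-time compare hides partial matches."""
    recomputed = hash_password(candidate, record["salt"])
    return hmac.compare_digest(recomputed, record["hash"])

# Constructed stand-in for a rainbow table: digest -> password, precomputed
# once for a few common passwords with the unsalted function.
COMMON = ["password", "password123", "letmein", "qwerty"]
PRECOMPUTED = {hash_password(p): p for p in COMMON}

def lookup(digest: str):
    """Password if the digest was precomputed, else None."""
    return PRECOMPUTED.get(digest)

def demo() -> dict:
    alice = store_password("password123")
    bob = store_password("password123")
    return {
        "unsalted_same_for_both": hash_password("password123") == hash_password("password123"),
        "salted_same_for_both": alice["hash"] == bob["hash"],
        "table_recovers_unsalted": lookup(hash_password("password123")),
        "table_recovers_salted": lookup(alice["hash"]),
        "alice_verifies": verify_password(alice, "password123"),
        "wrong_password_rejected": verify_password(alice, "Password123"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The precomputed table recovers the unsalted digest immediately but finds nothing for the salted one, because the table would have to be rebuilt for every distinct salt.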