Has your password been leaked?! How websites store your passwords?! How Hashes work?!

How websites store data?

When you create an account on a website, the site stores your registration information in a SQL database. Anyone with access to the database, including the company or website itself, can read it directly. In a primitive setup, the database contains plaintext passwords. However, it is useful to hash or encrypt passwords in case a hacker uses an SQL injection attack to dump the database. That way, even if someone can read the table, they see the user name, e-mail address, and hashed password, but not the plaintext password. If the site itself does not know the password, those unfamiliar with hashing may wonder how the site can tell that the correct password was entered during login. To answer that, you first need to understand what a hash is. You can read the technical details on Wikipedia, but I will simplify (significantly). A hash is an operation that is easy to perform in one direction but difficult to reverse.
For example, it is easy to mix two colors, but finding the composition of a mixed color is not so easy. Multiplying two large primes is simple, but given only their product it is not easy to find the two prime factors.


Let's assume that the password is "pass" and that we have a hash function f(x). Then f("pass") = d@A2qAawqq21109 (for example). Going in this direction is straightforward. On the other hand, it is impossible to find the plaintext password from the hash (d@A2qAawqq21109). Therefore, if you create an account and enter the password "pass", d@A2qAawqq21109 will be stored in the database. When you log in and enter the password "pass", the server hashes what you typed and gets "d@A2qAawqq21109", which matches the value in the SQL database. If you enter another password such as "ssap", you cannot log in because the generated hash value is different. Hash functions give different outputs for most strings, but there may be collisions (two strings may have the same hash). These are very rare and we are not worried about them.

Forgot your password?

Have you ever wondered why, when you forget your password, almost every site gives you a new password instead of telling you the old one? Well, now you know: they do not know your password. When they give you the opportunity to change your password, they just change the corresponding hash value in the table, and your new password then works properly.


How hashes are cracked?

As I mentioned earlier, the hash function is easy to compute, but going the other way is almost impossible. The other direction can, however, be achieved by brute force. Say someone has the password "pass". A hacker who can access the hashes can go through all possible passwords in alphabetical order, hashing each one and checking whether the hash matches. (The hacker assumes that the password length is 4 characters.) He tries 'aaaa', 'aaab', 'aaac', ..., 'aaba', 'aabb', 'aabc', ..., 'aazz', 'abaa', and so on, until he reaches 'pass'. When he tries 'aaaa', the hash is not d@A2qAawqq21109. No guess will produce the hash d@A2qAawqq21109 until he reaches "pass". At 'pass', however, the hash will match. That is how a hacker learns your password.
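The login check, password reset and alphabetical search described above, as an added example that is not part of the original post. SHA-256 stands in for f(x); the salted PBKDF2 storage, the `UserTable` class and every name here are assumptions made for illustration.

```python
import hashlib, hmac, itertools, os, string

def f(password):
    # The post's f(x): a bare, fast, unsalted hash. SHA-256 is an assumption.
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password, salt):
    # Hardened form: per-user random salt plus a deliberately slow KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserTable:
    """Stands in for the SQL table: it holds salts and hashes, never plaintext."""

    def __init__(self):
        self.rows = {}

    def register(self, user, password):
        salt = os.urandom(16)
        self.rows[user] = (salt, slow_hash(password, salt))

    # "Forgot your password?" simply overwrites the stored salt and hash.
    reset_password = register

    def login(self, user, password):
        if user not in self.rows:
            return False
        salt, stored = self.rows[user]
        # Re-hash what was typed and compare in constant time.
        return hmac.compare_digest(stored, slow_hash(password, salt))

def guesses_needed(target, length=4, alphabet=string.ascii_lowercase):
    # Walks 'aaaa', 'aaab', ... as in the post; returns (password, guess count).
    for n, chars in enumerate(itertools.product(alphabet, repeat=length), 1):
        guess = "".join(chars)
        if f(guess) == target:
            return guess, n
    return None, len(alphabet) ** length

if __name__ == "__main__":
    table = UserTable()          # constructed sample accounts
    table.register("alice", "pass")
    table.register("bob", "pass")
    print(table.login("alice", "pass"), table.login("alice", "ssap"))
    print(table.rows["alice"][1] != table.rows["bob"][1])  # salts differ
    print(guesses_needed(f("pass")))  # bare hash falls within 26**4 guesses
```

With the salted PBKDF2 form, each guess costs 100,000 hash iterations and has to be repeated per user, because identical passwords no longer share a stored value.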

I hope this will prove helpful for you guys. Later I'll explain more about these things.