How passwords are stored on serverssteemCreated with Sketch.

in #technology7 years ago

We trust servers, websites and companies for a lot of things, information, privacy, security and any these trusts are failed it can be catastrophic. Many people assume that when you enter in a password for an account on any site, the owner of that site can see your password. Now don't get me wrong there are definitely sites out there that store your password in what we call "clear text" this means they, the web admins and ones who control the server, can see your password. This is an awful security wise and is definitely not the standard.

The standard is "hashing" the password. The concept of hashing is simple (trust me), hashing is just applying an algorithm (don't freak out) to a file or selected text and it spits out random string of characters. If you input the exact string (case sensitive) it will ALWAYS spit out that same hash. There are several hashing algorithms out there including MD5 and Sha-256 being the most popular. So when you create an account with your password for the first time the server doesn't save your password. It saves the HASH of your password and stores that. When you go to log in again and enter in your password it hashes your entry and compares that output to the output of the stored password.

Still confused? Take for example the word 'password' when I run this through a sha256 hash I get this:
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

if I was to run through the word 'Password' (note the case), I get this:
e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a.

The reason for the hashing of course is so your passwords aren't clear to anyone, not even the website owner. This also means if that site is to be hacked the hackers will only see a hashed password rather then plain text passwords. Hashing is a simple yet powerful concept that is essential to a secure website.

I hope my explanation has been thorough, clear and most of all accurate. Please let me know if you have any questions and even corrections or anything you'd like to add. If you have specific requests on tech topics you'd like to see next let me know. Hope to see you all next time.

Sort:  

Congratulations @liquidaurum! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

Upvote this notification to help all Steemit users. Learn why here!

Great article mate, keep them coming

Congratulations @liquidaurum! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

Upvote this notification to help all Steemit users. Learn why here!