Larry Ullman's Book Forums
phpstuff

Password_Hash() Just A Question On It


So it seems like when you hash a password that the hash is a constant related to the password.

 

So, if Amazon.com hashes the user password "mysecretpw99" and the hash is:

 

1209j09j0939h480h2389g4h9823g4

 

And then Yahoo.com hashes the same user password "mysecretpw99"  then the hash will be:

 

1209j09j0939h480h2389g4h9823g4

 

 

Is this correct?

 

If so, wouldn't it be easy to build a database of potential password combos, hash all of the combos, then have a database filled with hashed values.  Then compare those hashed values to the actual hashed passwords that users are using on various websites (assuming the hashed values can be found).  Just curious if this is how it works.

 

Are there other techniques available to scramble the hashes or is this not effective or not necessary?


I think it depends on how you're trying to hack a password. If you're going through a normal web interface, then you would never enter a hash directly. You would enter a regular password, and that would then be turned into a hash and compared to a hash in the DB on the back-end.

 

If, somehow, you got access to a whole DB of hashed passwords, then yes, you could potentially do what you suggested, which is akin to a dictionary attack, which is a popular technique for trying to crack passwords.

 

Anyway, I think (and I could be wrong) that a lot of password hashing algorithms these days take the time into account when hashing the password, and somewhere within the hash itself is a key hidden to retrieve that time so that at any later time, you can check that the hash you're creating for confirmation purposes matches the original hash when it should.

Honestly, I don't know though.

 

The whole password hashing industry is an incredibly complex one with a deep history that's probably worth reading about.
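
The following is an added example, not part of either post above. It shows what PHP's password_hash() does with the question's sample password: each call draws a new random salt and stores it in the returned string, so the same password yields different hashes, while a plain unsalted digest stays constant. The cost of 12 and the helper describeBcrypt() are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The password is the sample
// value from the question; cost 12 is an illustrative choice.
$password = 'mysecretpw99';
$options  = ['cost' => 12];

// Unsalted digest: a pure function of the password, so every site that
// stores it ends up with the same value for the same password.
$siteA = hash('sha256', $password);
$siteB = hash('sha256', $password);
echo 'unsalted sha256 identical: ', var_export($siteA === $siteB, true), "\n";

// password_hash(): a fresh random salt per call, so the two strings differ
// and a table precomputed for one salt does not apply to the other.
$hashA = password_hash($password, PASSWORD_BCRYPT, $options);
$hashB = password_hash($password, PASSWORD_BCRYPT, $options);
echo 'password_hash identical:   ', var_export($hashA === $hashB, true), "\n";

// Hypothetical helper: split a bcrypt string into its stored fields.
// Layout: $2y$<cost>$<22-character salt><31-character digest>
function describeBcrypt(string $hash): array
{
    [, $variant, $cost, $rest] = explode('$', $hash);
    return [
        'variant' => $variant,
        'cost'    => (int) $cost,
        'salt'    => substr($rest, 0, 22),
        'digest'  => substr($rest, 22),
    ];
}

print_r(describeBcrypt($hashA));
print_r(describeBcrypt($hashB));

// password_verify() reads the variant, cost and salt back out of the stored
// string, recomputes the digest for the candidate and compares the results.
foreach ([$hashA, $hashB] as $stored) {
    echo 'correct password verifies: ',
        var_export(password_verify($password, $stored), true), "\n";
}
echo 'wrong password verifies:   ',
    var_export(password_verify('not-the-password', $hashA), true), "\n";

// After a successful login, check whether the stored hash is below the
// current cost policy and should be regenerated from the entered password.
echo 'needs rehash at cost 13:   ',
    var_export(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 13]), true), "\n";
```

Because the salt travels inside the hash string, a single database column holds everything password_verify() needs.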
