I know you gotta store the passwords hashed but doesn’t that just move the goalposts? How come someone can’t use the hashed end result to get into the service it was used for?
I’m not very technical, so this is how it was explained to make sense to me.
A hash is basically like an identifier for a piece of data that lets you know its integrity. You take a blob of data, run a hash of it, which basically just means it takes all the data that’s present, does some math magic, and spits out your hash. This is great because if a single bit changes in that data, it will spit out an entirely different hash.
Now, you can also basically make a hash of hashes and compare them; basically we’re another level up now.
We can use a cryptographic key that you and I only know to encrypt and decrypt a hash of a hash that we can share.
All we send each other is meaningless numbers, but knowing the cryptographic key, we can “subtract” that from the data we receive to know its content.
If anyone else intercepts that data without the key, they will encrypt it to find a completely different set of data.
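
An added example, not part of the original posts, showing in Python why the stored hash cannot simply be typed in as the password: the service hashes whatever is submitted before comparing it with what it stored. The `Service` class, the user name, the passwords and the iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed value, kept low so the example runs quickly.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the value the server stores (PBKDF2-HMAC-SHA256 over password and salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Service:
    """Hypothetical login service that keeps only (salt, hash) for each user."""

    def __init__(self):
        self.users = {}

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)  # random per-user salt
        self.users[name] = (salt, hash_password(password, salt))

    def login(self, name: str, submitted: str) -> bool:
        record = self.users.get(name)
        if record is None:
            return False
        salt, stored = record
        # Whatever arrives is hashed first, then compared in constant time.
        return hmac.compare_digest(hash_password(submitted, salt), stored)


def demo() -> dict:
    svc = Service()
    svc.register("alice", "correct horse battery staple")
    _salt, stored = svc.users["alice"]
    leaked = stored.hex()  # what a copy of the database would reveal
    return {
        "real_password": svc.login("alice", "correct horse battery staple"),
        # Submitting the hash itself: the server hashes it again, so no match.
        "leaked_hash_as_password": svc.login("alice", leaked),
        # One character different gives a completely different hash.
        "one_char_off": svc.login("alice", "correct horse battery stapl3"),
    }


if __name__ == "__main__":
    print(demo())
```

The per-user salt and the deliberately slow iteration count are what make recovering the original password from a leaked hash costly.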