Password Hashing

Salted password hashing is a way to store passwords in a database as the output of a hash algorithm rather than as plaintext. Its benefit is that the system can still verify that a user’s password is correct while the password itself stays protected, even if the password file has been compromised. The job of the hash algorithm is to turn data into a fixed-length value that can’t be reversed. If the input changes at all, even by a single character, the algorithm produces a completely different hash, as seen below.

hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366
hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

Authentication Workflow

There are five steps to an authentication process. First, an account is created by the user. Second, their password is hashed and the hash is stored in a database. Third, as the user logs in, the hash of the password entered is checked against the hash stored in the database. Fourth, if the hashes match, the user has successfully logged in. If not, a message appears stating the user’s input is invalid. And finally, the user repeats the third and fourth steps until the hashes match.
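
The workflow above as a short Python sketch, added here as an illustration and not taken from the original page. It assumes PBKDF2-HMAC-SHA256 from the standard library as the hash algorithm, an iteration count chosen for illustration, and an in-memory dictionary standing in for the database; all function and variable names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor, not a value from the page
GENERIC_ERROR = "Invalid username or password."

users = {}             # stand-in for the database: username -> (salt, hash)


def hash_password(password, salt):
    """Derive a slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username, password):
    """Steps 1-2: create the account and store only the salt and the hash."""
    if username in users:
        raise ValueError("account already exists")
    salt = os.urandom(16)  # fresh random salt for every account
    users[username] = (salt, hash_password(password, salt))


# Dummy record so a login for an unknown username does the same amount of work
# as one for a known username (constructed value, never a real credential).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("constructed-dummy-password", _DUMMY_SALT)


def login(username, password):
    """Steps 3-4: hash the attempt with the stored salt and compare hashes."""
    salt, stored = users.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    # compare_digest compares in constant time; the plaintext is never stored.
    ok = hmac.compare_digest(candidate, stored) and username in users
    return (True, "Login successful.") if ok else (False, GENERIC_ERROR)


if __name__ == "__main__":
    register("alice", "hello")
    register("bob", "hello")   # same password, different salt, different hash
    print("hashes differ:", users["alice"][1] != users["bob"][1])
    for attempt in ("hbllo", "waltz", "hello"):  # step 5: retry until a match
        print(attempt, login("alice", attempt))
```

Because each account gets its own salt, two users with the same password end up with different stored hashes, and the same error message is returned whether the username or the password was wrong.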