What is password hashing? [closed]

by

Definition:
Hashing is the application of a function f() to a variable sized input to produce a constant sized output.

A => f() => X
B => f() => Y
C => f() => Z

A hash is also a one-way function which means that there isn’t a function to reverse or undo a hash. As well re-applying the hash f(f(x)) isn’t going to product x again.

The Details:

A hash function can be as simple as “add 13 to the input” or complex like a Cryptographic Hash such as MD5 or SHA1. There are many things that constitute a good hash function like:

  • Low Cost: Easy to compute
  • Deterministic: if I hash the input a multiple times, I am going to get the same output each time
  • Uniformity: The input will be evenly distributed among the possible outputs. This falls in line with something called the Pigeonhole Principle. Since there are a limited number of outputs we want f() to place those outputs evenly instead of in the same bucket. When two inputs compute to the same output this is known as a collision. It’s a good thing for a hash function to produce fewer collisions.

Hashing applied to Passwords:

The hashing of passwords is the same process as described above, however it comes with some special considerations. Many of the properties that make up a good hash function are not beneficial when it comes to passwords.

Take for example determinism, because hashes produce a deterministic result when two people use the same password the hash is going to look the same in the password store. This is a bad thing! However this is mitigated by something called a salt.

Uniformity on the other hand is beneficial because the desire is for the algorithm to limit collisions.

Because a hash is One-Way means the input cannot be determined from the output, which is why hashing is great for passwords!

More Related Contents:

  1. Hash table runtime complexity (insert, search and delete)
  2. What is a good Hash Function?
  3. Probability of collision when using a 32 bit hash
  4. Compute rank of a combination?
  5. Given a number, produce another random number that is the same every time and distinct from all other results
  6. Hashing a Tree Structure
  7. Which is faster, Hash lookup or Binary search?
  8. Reason for the number 5381 in the DJB hash function?
  9. What is the best way to check the strength of a password?
  10. Why are hash table expansions usually done by doubling the size?
  11. What is tail call optimization?
  12. How does the Google “Did you mean?” Algorithm work? [closed]
  13. Algorithm for Determining Tic Tac Toe Game Over
  14. How to find all combinations of coins when given some dollar value [closed]
  15. How to make rounded percentages add up to 100%
  16. Write a function that returns the longest palindrome in a given string
  17. Magic number in boost::hash_combine
  18. How do I efficiently determine if a polygon is convex, non-convex or complex?
  19. Cycles in an Undirected Graph
  20. Generating permutations lazily
  21. Compute the minimal number of swaps to order a sequence
  22. Find the missing and duplicate elements in an array in linear time and constant space
  23. How do I check if a directed graph is acyclic?
  24. Basic Recursion, Check Balanced Parenthesis
  25. How to find the smallest number with just 0 and 1 which is divided by a given number?
  26. Count the number of set bits in a 32-bit integer
  27. What hashing function does Java use to implement Hashtable class?
  28. Big O when adding together different routines
  29. Algorithm for reflecting a point across a line
  30. What is the most efficient way to encode an arbitrary GUID into readable ASCII (33-127)?

Leave a Comment