Cyber Security: Hashing Transcript

The Open University created a video on how passwords are stored and used as part of their free cyber-security course. It is very well put together.

Click here to see a video on hashing published by the OU

This is the transcript of the video:

When a user connects to the server for the first time, they may be asked to create a password so they can get access to the services available on the server.

In this case, the user types in a simple password.

To keep things easy, we're using the very simple-- and very bad-- password "apple."

Your own passwords should be much harder to guess.

The user's password is sent over the network and is stored in a database on the server.

At some later date, the user wants to access the server again.

They're asked for their password, and type in "apple." The password is sent over the network and compared to the stored password-- also "apple"-- in the server's database.

If the two match, they're given access.

Any data passing over a network can be stored or intercepted.

It's very easy to copy data on a network, so an attacker could make their own copy of the password.

Once they have that, they can then log into the server masquerading as the original user.

A second problem is that the database itself might be stolen from the server by hackers-- or even a disgruntled employee. If this were to happen, all of the passwords belonging to all of the users could be misused.

To prevent passwords being stolen in transit, we use a secure network link between the user's computer and the server which hides data using strong cryptography.

One type of secure link is called SSL, which you'll have used, perhaps without knowing it, when shopping online.

It's much harder to stop the server's database being stolen.

But we can obscure passwords using a technique called hashing.

Hashing is a mathematical technique that scrambles a password to produce a so-called hash. So when the user creates a password, the server turns the password into a hash.

And rather than storing the password in the database, we store the hash.

So when the user logs in next time, they enter their password, which is sent over the network.

The server creates a new hash from the password and compares it to the stored hash. If the two hashes match, then the user is allowed into the computer.

Crucially, hashing only works one way.

It's not possible to simply undo the hashing to recover the original password.

Even if the database is stolen, the attackers only have the hashed passwords, rather than the passwords themselves. If the attackers want to find out the original passwords, they'll have to hash every possible password and compare them to the list of stored hashes.

This is an enormously time-consuming process.
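
The store-the-hash and compare-at-login flow described in the transcript, as an added Python example that is not part of the video or the original page. It goes beyond the transcript by using a per-user random salt and a deliberately slow hash (PBKDF2), which is how this scheme is normally deployed; the function names, the dictionary standing in for the server's database and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor: higher makes each guess against a stolen database slower.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way transform: password + salt -> 32-byte hash."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def register(db: dict, username: str, password: str) -> None:
    """Store only the salt and the hash, never the password itself."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    db[username] = (salt, hash_password(password, salt))


def login(db: dict, username: str, password: str) -> bool:
    """Re-hash the submitted password and compare it to the stored hash."""
    record = db.get(username)
    if record is None:
        return False  # unknown user
    salt, stored_hash = record
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored_hash)


if __name__ == "__main__":
    database = {}  # constructed stand-in for the server's database
    register(database, "alice", "apple")  # the transcript's (bad) password
    register(database, "bob", "apple")
    print("correct password:", login(database, "alice", "apple"))
    print("wrong password:  ", login(database, "alice", "orange"))
    # Same password, different salts: the stored hashes do not match,
    # so one guess cannot be checked against every user at once.
    print("hashes differ:   ", database["alice"][1] != database["bob"][1])
```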