Reputation: 147
How is hashing safe if a given string always generates the same hash?
I am a newbie to hashing, and I understand that MD5 (I know it's broken) and SHA-1 are all fixed hashing algorithms, but given that most passwords are dictionary words or other similar passwords, what's the point of storing it in a hash if an attacker can use Google to backtrack the original password?
I mean, isn't SHA-1 or SHA-2 or any of those algorithms rendered useless?
Upvotes: 0
Views: 77
Answers (2)
Reputation: 842
You're exactly right, simply hashing a raw password would be insecure. Salting is the solution to that. Instead of hashing just the password, hash the password + random_data and save random_data with the password.
Upvotes: 2
Reputation: 455
You need to salt your hashes to avoid being vulnerable to rainbow and 'google' attacks. Have a look at http://en.wikipedia.org/wiki/Salt_%28cryptography%29.
Upvotes: 1
Related Questions
- Can the hash of 2 different inputs be the same?
- SHA algorithm generates each time unique hash string for a same key
- In Hashing, can't we find AT LEAST one original text hashing to the given hash value
- Why hash values are same for string?
- Why is ruby .hash producing different output every time
- How does checking hashes work if no 2 hashes are ever the same?
- Why do String hashes change?
- why should a good hash algorithm not allow attackers to find two messages producing the same hash?
- Ruby: How come the same strings have different hashcodes?
- Is a hash result ever the same as the source value?