Do you know how passwords actually work?
Given all the recent concern about some very prominent sites being hacked, this is a very pertinent topic.
All passwords use either encryption or hashing to convert data from an understandable form to a non-understandable one. OK – what does that mean, exactly?
Encrytpion does this in such a way that it can be converted back with no loss of information. To do this a “key” is used. The key does not have to be the same for encryption and decryption. Most encryption is done today using what is called 128-bit encryption, which means that there are 2 to the 128th power possible combinations or keys. That is 339,000,000,000,000,000,000,000,000,000,000,000, or a decillion or 1000 quintillion.
Someone has calculated that it would take longer than the age of the universe to crack a 128-bit key. (quantum nano computers could change that estimate…) Lossless compression algorithms also convert data, but the main difference is that the primary intent of encryption is to hide data, whereas compression’s primary intent is to make it smaller.
One-way hashing. once the data is converted to non-understandable form, the hashed version of the data cannot be used to recreate the original data. When you enter your password, the computer can one-way hash it and compare the result to the version in the password file. Since one-way hashes are a one-to-one relation, if the two versions match, you are allowed access. For example, in a situation where you have lost your password and the System Administrator cannot tell you what it is, it is probable that one-way hashing has been used to encrypt the passwords. In these cases it is usually possible to reset the password, but only by changing it to a new one, so the hash is not the same.
At Digtal Insite, we use one-way hashing, because we feel it is more secure, since the only person to ever actually know or have access to the original password is the user.