
Password Hashing: The method used to hide your password

Leonardo Domingues | CEO Kangaroo Files
17/10/2024

Imagine the frustration of discovering that your password has been compromised and that someone has accessed your personal or professional accounts. Losing a password can lead to serious consequences, such as identity theft or the loss of confidential data. Fortunately, when a service uses password “hashing,” even in the event of a data breach, your passwords remain secure.

What is a Password?

 

A password is like a secret key we use to access our online accounts, such as email, social media, or banking services. Protecting these passwords is essential to keep our personal and professional information secure.

 

What is "hashing"?

 

Imagine a machine that transforms a word or phrase into a unique code made of numbers and letters. This machine applies a function called hashing. When you enter a word into it, you get a unique result that cannot be reversed to discover the original word.

 

A Simple Example: Making a Cake

 

Think of baking a cake. You start by mixing ingredients in a specific order, but once they are mixed and baked, the result is a cake whose exact ingredient sequence is impossible to figure out. Similarly, hashing transforms your password into a code that does not allow the original password to be recovered.

 

For example:

 

  • Original Password: Segur@123
  • Generated Hash: 5f4dcc3b5aa765d61d8327deb882cf99

     

Even if someone has access to the hash 5f4dcc3b5aa765d61d8327deb882cf99, they cannot figure out that the original password is Segur@123.

 

How Does Password Hashing Work?

 

  • Hash Creation: When you create an account and set a password, the system applies a hashing function to your password, generating a unique hash.
  • Secure Storage: Instead of storing the password in plain text (as some older systems still do), the system only stores the generated hash.
  • Verification During Login: When you enter your password to log in, the system applies the hashing function to the password you typed and compares the new hash with the stored one. If the hashes match, access is granted.

     

Why Does Hashing Protect Passwords?

 

  • Irreversibility: Hashing functions only work in one direction. It’s not possible to take the hash and discover the original password.
  • Security in Case of Data Breaches: If a hacker gains access to the database, they will only find password hashes, not the passwords themselves.

     

"Salting" – Extra Security

 

To make the process even more secure, some systems use a technique called "salting." This means adding extra information to the password before applying hashing, like a secret ingredient in a recipe. Even if two people use the same password, the hashes will be different because of the salting.

 

Simplified Example of "Salting"

 

  • Original Password: Segur@123
  • Random Salt: XyZ!@#
  • Password with Salt: Segur@123XyZ!@#
  • Generated Hash: e99a18c428cb38d5f260853678922e03

     

By adding this "salt," the hashing process becomes even more secure and resistant to attacks.

 

Conclusion

 

Password hashing is essential for protecting your online information. By transforming your passwords into irreversible codes and using techniques like salting, systems ensure that even in cases of data breaches, your passwords remain secure.

 

At Kangaroo Files, we take security very seriously. We use hashing and salting to store your passwords in the most secure way, along with the most advanced encryption and storage techniques to ensure your data is always protected.
