Resolved Would like to learn how this is done

Discussion in 'Web Design and Development' started by revmacian, Dec 1, 2018.

  1. revmacian macrumors 6502a

    Joined:
    Oct 20, 2018
    Location:
    USA
    #1
    Many (most?) websites require a username + password credential to gain access to an account. I would like to learn how websites do this, so consider the following:

    1. I go to a website for which I already have an account
    2. I input my passphrase - for this example let's say my passphrase is eggsandbacon

    Now, what I thought happens is the following:
    1. The website takes the passphrase I have entered (eggsandbacon) and hashes it using sha256 - which results in 5d33b822d391dac58b9e4a07cb9fa9e20cd8d61d3287f073691a350240e03690
    2. The website then compares the hashed passphrase against the hashed passphrase I have on file at the website - ideally the website would have hashed my passphrase (eggsandbacon) using sha256 when I created the account.

    If someone were to hack the website and obtain the hashed passphrase (in this case 5d33b822d391dac58b9e4a07cb9fa9e20cd8d61d3287f073691a350240e03690) and enter that into the website, the website is going to hash it again before comparing it with the one they have on file. This would result in the wrong passphrase and deny access. Even with a massive cracking array scenario, this hash is going to take a very long time to brute force.

    My question is, when people hack websites, how do they obtain correct passwords for various accounts? Is the sha256 hash reversible?
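
The login check described in the post above, as an added example that is not part of the original thread: it shows the stored-hash comparison, confirms that submitting a stolen hash as the passphrase fails, and contrasts the unsalted SHA-256 scheme with a per-account salted, deliberately slow derivation. PBKDF2, the iteration count and all function names are assumptions of this example, not something the thread specifies.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_sha256(passphrase: str) -> str:
    """The scheme described in the post: one fast, unsalted hash."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def enroll(passphrase: str) -> dict:
    """Build the record a site would store at account creation."""
    salt = os.urandom(16)  # random and unique per account
    derived = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": derived}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the submitted passphrase, then compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["hash"])


def demo() -> dict:
    # Constructed sample accounts: two users who picked the same passphrase.
    alice = enroll("eggsandbacon")
    bob = enroll("eggsandbacon")
    return {
        # The right passphrase re-derives to the stored value.
        "correct_login": verify(alice, "eggsandbacon"),
        # A stolen hash typed in as the passphrase is hashed again and rejected.
        "stolen_hash_as_password": verify(alice, alice["hash"].hex()),
        # Unsalted: equal passphrases always give equal hashes.
        "unsalted_same": unsalted_sha256("eggsandbacon") == unsalted_sha256("eggsandbacon"),
        # Salted: equal passphrases give different stored values per account.
        "salted_same": alice["hash"] == bob["hash"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
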
     
  2. m00min macrumors 6502

    Joined:
    Jul 17, 2012
  3. revmacian thread starter macrumors 6502a

    Joined:
    Oct 20, 2018
    Location:
    USA
    #4
    Ah, thank you very much!
     
