Hashing and Security Part 1

What is hashing? Let’s discuss it at a layman’s level. Whenever we give a password to create an account at any site, the password goes through a process called hashing. Whatever we give as a password, the hashing function converts it into a code consisting of 40 characters, most likely in hexadecimal format. The hexadecimal number system consists of 16 characters (0–9 and a–f).

Say we give a password “ironman”; the function will convert it into a 40-character hash code. We can take another password, “captainamerica”, and this will also be converted into a 40-character hash code. Notice that the length of the password isn’t affecting the length of the hash code.

What concerns common people is that their passwords are in the company database, so will the company be able to log in to their account and see their details? The answer is “NO”. What is stored in the company database is the hash code, which will require a lot of time (I repeat, a LOT) for discovering only 1 password. That is because the number of combinations of hash code that can be formed is 16⁴⁰ (calculate that; it won’t fit in your calculator). So in that regard it is good news for us.

Another question one can ask: what will happen if we put the hash code in the password area? Will it give back the original password? The answer is NO. Hashing is a one-way process. Once we give the hash code in the password field, it will generate another hash code for that hash code. It won’t give the password.
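The two points above (the database keeps only the hash code, and typing the hash code into the password field just hashes it again) as an added example that is not part of the original post. SHA-1 is assumed because it yields 40 hexadecimal characters; the `AccountStore` class and the user names are hypothetical.

```python
import hashlib
import hmac

# Assumption: SHA-1 stands in for the unnamed hash function because its
# digest is 160 bits = 40 hex characters. Real password storage uses a
# salted, deliberately slow password hash instead of a bare fast hash.
def hash_password(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

class AccountStore:
    """Hypothetical account database that keeps only hash codes."""

    def __init__(self) -> None:
        self._hashes: dict[str, str] = {}

    def register(self, user: str, password: str) -> None:
        # The plaintext password is hashed and then discarded.
        self._hashes[user] = hash_password(password)

    def stored_hash(self, user: str) -> str:
        return self._hashes[user]

    def login(self, user: str, attempt: str) -> bool:
        stored = self._hashes.get(user)
        if stored is None:
            return False
        # Whatever is typed is hashed first, then compared in constant time.
        return hmac.compare_digest(stored, hash_password(attempt))

def demo() -> dict:
    db = AccountStore()
    db.register("tony", "ironman")            # constructed sample accounts
    db.register("steve", "captainamerica")
    leaked = db.stored_hash("tony")           # what the database row holds
    return {
        "lengths": (len(leaked), len(db.stored_hash("steve"))),
        "correct_password": db.login("tony", "ironman"),
        # Typing the hash code as the password hashes it a second time.
        "hash_as_password": db.login("tony", leaked),
        "rehash_differs": hash_password(leaked) != leaked,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```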

Now, going back to the examples of passwords, I can ask what will happen if instead of “ironman” I give “ironmen”. Will the generated hash code be similar to the hash code generated from “ironman”? The answer is not really. The hash code for the “iron” part will not be exactly the same but will have some similar patterns (will come to that in a later blog), but for the “men” part it will be completely different. Given there are 40 characters in the hash code, it will still be a hard nut to crack.