DEV Community

Nozibul Islam
Nozibul Islam

Posted on

4 4 4 4 4

Password Hashing and Data Integrity in Real-World Implementation

When a user creates a new account by signing up, the password they provide is not stored directly in the database. Instead, the password is passed through a hash function. This hash function converts the original password into a unique string (hash). The hash value is then stored in the server, not the actual password.

Later, when the user attempts to log in, they enter the same password. This entered password is passed through the same hash function, and the resulting hash is compared with the hash stored in the server. If both hash values match, it indicates that the password entered by the user is correct. This is because hash functions always generate the same output for the same input, ensuring consistency. If the hash values do not match, the login will be rejected.

By using hashing, passwords are stored securely without being saved in plain text, which increases security. Even if hackers gain access to the database, they will only have the hash values, not the actual passwords. This process is a vital part of securing sensitive information and ensuring user privacy.

Additional Use Cases of Hashing

Hashing is not only used for password storage but also plays a crucial role in ensuring data integrity in various systems. For example, when files are uploaded to the internet, the hash value of the file is created and uploaded alongside the actual data. When a new user downloads the file, they can use the same hash function to calculate the digest of the downloaded file. Then, the hash values are compared. If they match, it ensures the file's integrity has been maintained and no data corruption has occurred.

This method is used to ensure the accuracy and security of files, so that no changes or corruption occur to the file during transmission or storage.

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (1)

Collapse
 
devh0us3 profile image
Alex P

Just read the most useful cheat sheet from OWASP cheatsheetseries.owasp.org/cheatsh...

TLDR: hashFunction( password + userid, 1_000_000 iterations + 1_000_000 % password.shortHash())

And how to guess hashes: hashcat.net/hashcat/ + rainbow tables

Image of Datadog

The Essential Toolkit for Front-end Developers

Take a user-centric approach to front-end monitoring that evolves alongside increasingly complex frameworks and single-page applications.

Get The Kit