DEV Community

Nozibul Islam

Password Hashing and Data Integrity in Real-World Implementation

When a user signs up for a new account, the password they provide is not stored directly in the database. Instead, the password is passed through a hash function, which converts the original password into a fixed-length string (the hash) that is, for practical purposes, unique to that input. Only this hash value is stored on the server, not the actual password.

Later, when the user attempts to log in, they enter the same password. The entered password is passed through the same hash function, and the resulting hash is compared with the hash stored on the server. If the two hash values match, the password entered by the user is correct, because a hash function always generates the same output for the same input. If the hash values do not match, the login is rejected.

By using hashing, passwords are stored securely without being saved in plain text, which increases security. Even if hackers gain access to the database, they will only have the hash values, not the actual passwords. This process is a vital part of securing sensitive information and ensuring user privacy.
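
The sign-up and log-in flow described above, as an added example that is not code from the original post. It goes beyond the plain hash the text describes by using a per-user random salt and an iterated function (PBKDF2-HMAC-SHA256) with a constant-time comparison; the iteration count, the record format, `USER_DB` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to current guidance and hardware.
ITERATIONS = 600_000
USER_DB = {}  # constructed in-memory stand-in for the server's user table


def hash_password(password, iterations=ITERATIONS):
    """Return a record 'algorithm$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def sign_up(username, password, iterations=ITERATIONS):
    """Store only the salted hash record, never the password itself."""
    if username in USER_DB:
        return False
    USER_DB[username] = hash_password(password, iterations)
    return True


# Unknown users are checked against this throwaway record so both paths run the KDF.
_DUMMY_RECORD = hash_password(secrets.token_hex(16))


def log_in(username, password):
    """Accept only if the user exists and the recomputed hash matches the stored one."""
    record = USER_DB.get(username, _DUMMY_RECORD)
    matches = verify_password(password, record)
    return matches and username in USER_DB
```

Because the salt is random, two users with the same password get different stored records, and verification works only by reusing the salt saved in the record.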

Additional Use Cases of Hashing

Hashing is not only used for password storage but also plays a crucial role in ensuring data integrity in various systems. For example, when files are uploaded to the internet, the hash value of the file is created and uploaded alongside the actual data. When a new user downloads the file, they can use the same hash function to calculate the digest of the downloaded file. Then, the hash values are compared. If they match, it ensures the file's integrity has been maintained and no data corruption has occurred.

This method is used to ensure the accuracy and security of files, so that no changes or corruption occur to the file during transmission or storage.


Top comments (1)

Alex P

Just read the most useful cheat sheet from OWASP cheatsheetseries.owasp.org/cheatsh...

TLDR: hashFunction( password + userid, 1_000_000 iterations + 1_000_000 % password.shortHash())

And how to guess hashes: hashcat.net/hashcat/ + rainbow tables
