Additional to what others have said: The “salted” part is very relevant for storing.
There aren’t soooo much different hashing algorithms people use. So, let’s simplify the hashing again to the crossfoot example.
Let’s say, 60% of websites use this one algorithm (crossfoot) for storing your password, and someone steals the password “hashes” (and the login / email). I could ran a program that creates me a list of all possible crossfoots for all numbers for 1 to 100000.
This would give me an easy lookup table for finding the “real” number behind those hashes.
(Those tables exists. Look up “rainbow tables”)
Buuuut what if I use a little bit of salt (and pepper pepper pepper) before doing my hashing / crossfooting?
Let’s use the pw “69” again and use a salt with a random number “420” and add them all together:
6 + 9 + 420 = 435
This hash wouldn’t be in my previous mentioned lookup table.
Use different salts for every user and at least the lookup problem isn’t such a big problem anymore.
Additional to what others have said: The “salted” part is very relevant for storing.
There aren’t soooo much different hashing algorithms people use. So, let’s simplify the hashing again to the crossfoot example.
Let’s say, 60% of websites use this one algorithm (crossfoot) for storing your password, and someone steals the password “hashes” (and the login / email). I could ran a program that creates me a list of all possible crossfoots for all numbers for 1 to 100000.
This would give me an easy lookup table for finding the “real” number behind those hashes. (Those tables exists. Look up “rainbow tables”)
Buuuut what if I use a little bit of salt (and pepper pepper pepper) before doing my hashing / crossfooting?
Let’s use the pw “69” again and use a salt with a random number “420” and add them all together:
6 + 9 + 420 = 435
This hash wouldn’t be in my previous mentioned lookup table. Use different salts for every user and at least the lookup problem isn’t such a big problem anymore.
This was super helpful 🙏🏼 sent me down a whole other rabbit hole of learning