I've read a number of questions which suggest hashing passwords and storing them in the database.
When someone logs in, you hash the password provided with what you have stored.
What I do not understand is how this can work? Two strings can hash to the same value: not likely, but DEFINITELY possible.
Can someone help me please?
EDIT: Can anyone give a statistic of the collision likeliness?
You should not store the password unencrypted because your database admins should not have access to customer passwords.
Hashing the passwords prevents database admins from being able to see the password.
The very small chance of a collision is not a problem, as this does not significantly increase the chance of someone trying to brute-force a customer's password getting a match before you lock out the accounts.
PS: it is also good practice to salt the passwords before hashing, to make it more difficult still to brute-force if a hacker somehow got access to the password table. It makes it harder to use rainbow tables etc.
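As an added example that is not part of the question or the answer above, here is a Python sketch of the scheme the answer describes: a random per-user salt, re-hashing the supplied password with the stored salt at login, and a constant-time comparison, plus a birthday-bound estimate that addresses the EDIT about collision likelihood. The choice of PBKDF2-HMAC-SHA256 from the standard library, the iteration count, the in-memory USERS table and all function names are my assumptions, not anything from the original post.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Parameters chosen for this example (assumptions, not taken from the post).
# PBKDF2-HMAC-SHA256 is used because it ships with the standard library;
# the iteration count is kept modest so the example runs quickly and should
# be raised for real deployments.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16
DIGEST_BITS = 256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied.

    Only the salt and the digest are ever stored; the password itself is not.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored_digest)


# Constructed in-memory stand-in for the database table: username -> (salt, digest).
USERS: Dict[str, Tuple[bytes, bytes]] = {}


def register_user(username: str, password: str) -> None:
    """Store salt and digest for a new user; the plaintext is discarded."""
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    """Check a login attempt against the stored salt and digest."""
    record = USERS.get(username)
    if record is None:
        # Do a dummy hash so an unknown username takes as long as a wrong
        # password (dummy all-zero salt is an assumption of this example).
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, digest = record
    return verify_password(password, salt, digest)


def collision_probability(num_hashes: int, digest_bits: int = DIGEST_BITS) -> float:
    """Birthday-bound estimate of P(any two of n distinct inputs share a digest).

    For n inputs and a b-bit digest the probability is approximately
    n^2 / 2^(b+1), which is accurate while the result is small.
    """
    return num_hashes ** 2 / 2 ** (digest_bits + 1)


if __name__ == "__main__":
    register_user("alice", "hunter2")
    register_user("bob", "hunter2")
    # Same password, different salts: the stored rows do not match, so a
    # leaked table gives no "these two users share a password" hint and a
    # precomputed rainbow table does not apply.
    print("alice and bob rows differ:", USERS["alice"][1] != USERS["bob"][1])
    print("alice correct password:", login("alice", "hunter2"))
    print("alice wrong password:  ", login("alice", "hunter3"))
    print("unknown user:          ", login("carol", "hunter2"))
    # Roughly a million users with a 256-bit digest: the collision chance is
    # astronomically small compared with simply guessing the password.
    print("P(collision) for 2^20 users:", collision_probability(2 ** 20))
```

Running the script shows the point the answer makes: two users with the same password get different rows because of the salt, login succeeds only on the exact password, and the birthday-bound figure for a million users is on the order of 10^-66, which is nowhere near the odds an attacker gets from guessing passwords directly.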