
I am missing something about the usefulness of hashes

So, hashes are useful because they change password/login name/salt value combinations to a code that cannot be reversed. The client sends this hash to the server. The server compares the hash to a list of stored hashes to see if the client's user may be granted access. But how do I prevent a malicious user from intercepting the hashed password and writing his own client that sends this hash to the server?

Dabblernl asked May 21 '09 11:05



2 Answers

That's the Man in the Middle Attack and has nothing to do with hashing; to mitigate such attacks we use Secure Sockets Layer and similar technologies.

ismail answered Oct 13 '22 13:10


Hashes are useful if someone gets hold of a backup of your database or gets read-only access to the live db. They can't then work out the password and send it to your live system. This is why you salt them, so that a hacker with read-only access cannot set his password and then look to see if anyone else has the same password.

As you have pointed out, they don't stop request interception (man-in-the-middle attacks); to stop that, you need to use secure connections with packet encryption and signing. HTTPS & SSL are the most common ways to do this.

Martin Brown answered Oct 13 '22 11:10
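The two points made in this thread, as an added example that is not part of the original posts: per-user salts make equal passwords store differently, and a server that compares a client-sent hash treats that hash as the password. PBKDF2-SHA256, the iteration count, and all function and account names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware

def unsalted(password: str) -> bytes:
    """Plain digest with no salt: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).digest()

def enroll(password: str) -> tuple[bytes, bytes]:
    """Return (salt, derived_key) as the server would store them for one user."""
    salt = os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Server-side check: hash the password received over TLS, then compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def accepts_client_hash(received: bytes, stored: bytes) -> bool:
    """The design from the question: the server compares the hash the client sends."""
    return hmac.compare_digest(received, stored)

def demo() -> dict:
    # Constructed sample accounts: alice and bob picked the same password.
    pw = "correct horse battery staple"
    alice_salt, alice_key = enroll(pw)
    bob_salt, bob_key = enroll(pw)
    return {
        "unsalted_rows_match": unsalted(pw) == unsalted(pw),
        "salted_rows_match": alice_key == bob_key,
        "right_password_ok": verify(pw, alice_salt, alice_key),
        "wrong_password_ok": verify("guess", alice_salt, alice_key),
        # In the client-hash design the stored value itself is the credential;
        # when the server does the hashing, the stored value is not a password.
        "stored_value_accepted_by_client_hash_design": accepts_client_hash(alice_key, alice_key),
        "stored_value_accepted_as_password": verify(alice_key.hex(), alice_salt, alice_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Neither design protects the value in transit; that remains the job of the encrypted connection described in both answers.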