As a web developer, you must have come across the term password hashing at least once. Let us quickly understand what is password hashing and why we even need it.
What is Password Hashing?
Password hashing is the process of encrypting a user’s password before storing it into a database. The encryption is one way and passwords once hashed cannot be decrypted to their original text value.
Why do we need to Hash Passwords?
Password hashing has become extremely important in today’s time. Assume a scenario where your database gets hacked and now all the details of your users are exposed to the hacker. The hacker will have access to all of your data and the user’s password.
Now you must be wondering what is the point of encrypting the passwords if the database itself can be hacked. Well, the answer is pretty simple. An average user uses a single password for more or less every website. So if the hacker gains access to the user’s password on your site, then he/she can access other accounts of the user on other websites as well. Also, these passwords are often sold in the black market. They may be used to form various password dictionaries etc.
How to hash passwords?
Password hashing is usually done with the help of encryption algorithms. Bcrypt is one of the most used hashing functions that can use a variety of algorithms. The good thing about bcrypt or hashing, in general, is that you already know the length of a hash. So all the password fields in your table have the same length. To verify passwords on login, the sent password needs to be hashed and the hash value should match the value in the records. This whole process is slow and really helps against brute force attacks.