Submitted by AutoModerator t3_ywvph3 in askscience
calcopiritus t1_iwp4k5e wrote
Reply to comment by Treacherous_Peach in Ask Anything Wednesday - Engineering, Mathematics, Computer Science by AutoModerator
To "break" a hash yes, any solution is sufficient. However, getting 1 of those solutions is still really hard. In this case the total amount of "hashes" is 3: either 0, 1 or 2. Real hashing algorithms have many more possible hashes.
It won't necessarily work in other sites for 2 reasons.
- "1234" and "7463" might generate the same hash using algorithm X, but it probably won't using algorithm Y. If 2 sites use different algorithms, you have to know the actual password. EDIT: I just saw you mentioned this, but it's still interesting to point out.
- Just hashing a password is bad practice for exactly this reason, so the recommended technique is doing hash+salt. That means every site generates a random "salt" for every user, and adds it to the password before hashing. So the password for site X is actually "1234jdyendi" while in site Y it is "1234udnfki". Although you type the same password in both sites, it's actually a different one from an attacker's POV. You need to know "1234"; any other solution won't work for both sites.
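An added example, not part of the comment above, that runs the salting point on a deliberately tiny hash: it lists every 4-digit string a site would accept in place of "1234", then checks which of those a second site also accepts. The function names and the 8-bit hash (first byte of SHA-256) are assumptions made for illustration; the two salts are the ones from the comment.

```python
import hashlib

def toy_hash(text: str) -> int:
    """Constructed toy hash: first byte of SHA-256, so only 256 possible values."""
    return hashlib.sha256(text.encode()).digest()[0]

def enroll(password: str, salt: str = "") -> int:
    """What a site stores for a user: hash(password + salt)."""
    return toy_hash(password + salt)

def login_ok(attempt: str, salt: str, stored: int) -> bool:
    """The site re-adds the user's salt to the attempt and compares hashes."""
    return toy_hash(attempt + salt) == stored

def colliding_pins(real: str, salt: str) -> list:
    """Every 4-digit string other than `real` that a site using `salt` accepts."""
    stored = enroll(real, salt)
    pins = (f"{n:04d}" for n in range(10_000))
    return [p for p in pins if p != real and login_ok(p, salt, stored)]

def carry_over(real: str, salt_x: str, salt_y: str) -> list:
    """Strings accepted by site X that site Y (same algorithm) accepts too."""
    stored_y = enroll(real, salt_y)
    return [p for p in colliding_pins(real, salt_x)
            if login_ok(p, salt_y, stored_y)]

REAL = "1234"
SALT_X, SALT_Y = "jdyendi", "udnfki"  # the two salts used in the comment

if __name__ == "__main__":
    # No salt: both sites store the same value, so every collision is reusable.
    plain = colliding_pins(REAL, "")
    print("unsalted: accepted on X:", len(plain),
          "also accepted on Y:", len(carry_over(REAL, "", "")))

    # Per-site salt: a string that collides on X must collide again,
    # independently, on Y. The real password passes on both regardless.
    salted = colliding_pins(REAL, SALT_X)
    print("salted:   accepted on X:", len(salted),
          "also accepted on Y:", len(carry_over(REAL, SALT_X, SALT_Y)))
    print("real password on Y:", login_ok(REAL, SALT_Y, enroll(REAL, SALT_Y)))
```

With only 256 possible hashes a stray string can still pass on both sites by chance; at a real hash width that second match is as hard to find as a fresh collision.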