Software Engineering Asked by oh hello there on October 29, 2021
I don’t understand why we hash data like passwords. I know it’s harder to steal hashed data rather than just plain text, and it takes longer, but once one of those public hashing methods gets cracked, lots of that data’s gonna be stolen. And by the time there’s another method, you’re gonna have (possibly) things like account hijacking, credit card fraud, etc. With technology exponentially growing in power, It doesn’t seem that secure. In other words, why is hashing so important if it’ll be cracked sooner or later?
Edit: Sorry if I’m sounding like a noob, I’m new to databases and want to make a login system, and thought of this along the way.
So I guess I was quite confused... I must've been confusing encoding with hashing and hashing with encryption. I'll read more about hashing sometime soon. Thanks for all the support, though!
Answered by oh hello there on October 29, 2021
You say everything will be cracked sooner or later. However, according to the laws of physics (mostly quantum physics which gives us a minimum amount of energy to make any change to a system, and an estimate of the total mass of everything in the universe), it is physically impossible to make 2^256 changes to any system. Which means it is physically impossible to just crack one message protected with a 256 bit key.
So no, everything will not be cracked sooner or later.
Answered by gnasher729 on October 29, 2021
You can't just look up a decryptor. In order to decrypt encrypted data, you need to know the encryption key, which is secret.
If they told you the encryption key, the encryption would be pointless, which is why they don't tell you the encryption key.
Answered by user253751 on October 29, 2021
Hy,
Encryption is a way of keeping your data safe and confidential as it is sent over the internet. Whenever you send personal information across the internet, be it passwords, credit card information or personal contact details, encryption stops others from seeing what you are doing.
Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
You can use strong encryption algorithm like AES,and one time pad for securing your data.
More reference:
https://blog.storagecraft.com/5-common-encryption-algorithms/
Answered by AjayGohil on October 29, 2021
I know it could slow [hackers] down, but you could just look up a decryptor.
Sure. But that's missing the point. For any good encryption algorithm, everyone knows the decryptor. Everyone knows the algorithm. Yet trillions of dollars flow over the web with no problem at all. How?
Because security is based on keys, not algorithms. Even if you know the algorithm, and you know the ciphertext it is computationally difficult (read: millions and millions of CPU-hours) to decode the text. "could slow hackers down" is a gross understatement. Since you have the key, you don't need to do all of that processing. You can get back to the plaintext with effectively a few hundred XORs.
Instead of taking a few dozen milliseconds to read, good encryption without the key makes your data take a few dozen centuries to read (or maybe a few dozen years or months for "low risk" stuff like the SSL connection to StackExchange).
Answered by Telastyn on October 29, 2021
For the same reason you lock your doors when you are gone: It makes it more difficult for someone to steal from you. Additionally, there are steps you can take when "encrypting" data (salting for example - I think you were probably talking about hashing passwords, which is different than encrypting.) that would make it more difficult to decrypt. You couldn't simply, say, compare against a rainbow table looking for known values.
There is no such thing as a 100% secure system. The goal is to keep making things more and more difficult to intruders to where the reward isn't worth the trouble.
Answered by aasukisuki on October 29, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP