Sunday, November 22, 2009

The Numbers Behind Numb3rs - Making and Breaking Codes

What keeps your password safe?

A good service provider (e.g. a bank) will not store customers' passwords. The reason is simple: if someone hacks into the service provider's computer, he would get the passwords straight away if they were stored there.

How to prevent this from happening?

Your bank does not store your password, but rather a hashed version. When you log onto your bank account, the bank's computer compares the hashed version of the password you type in with the entry stored in its hashed-password profile.

The hashed version, denoted by H, is a function of your password; call the password the input x.

To make the hashed version secure, the function H(x) should have the following properties:
1. For any input x, it should be easy to compute H(x);
2. Given H(x), it should be computationally infeasible to find x (that is, to invert the function);
3. All values produced by H should have the same bit-length, whatever the length of the input x. A different input y that produces the same value as x is called a "collision", and such a y would be enough to gain access;
4. It should be computationally infeasible to find a y that collides with x, i.e. H(x) = H(y).


Note: "computationally infeasible" means it would take the fastest computers longer than a human lifetime to carry out the procedure to completion. That is to say, even if someone hacks into the stored H(x), he would not be able to obtain your password, x.
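The scheme described above, as an added example that is not part of the original post: the bank keeps a "hashed-password profile" and checks a login by hashing what the customer typed. The post names no particular H; SHA-256 is assumed here, and a per-user random salt is added as standard practice beyond what the post describes.

```python
import hashlib
import hmac
import secrets

# Constructed example: the profile is a dict keyed by username.
# H is assumed to be SHA-256 (the post names no function); the salt
# is an addition beyond the post's description.
HASH_BITS = 256


def H(password: str, salt: bytes) -> bytes:
    """Property 1: easy to compute. Property 3: output is always 256 bits."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def enrol(profile: dict, user: str, password: str) -> None:
    """Store only (salt, H(x)); the plaintext x never enters the profile."""
    salt = secrets.token_bytes(16)
    profile[user] = (salt, H(password, salt))


def login(profile: dict, user: str, attempt: str) -> bool:
    """Hash what the customer typed and compare it with the stored entry."""
    if user not in profile:
        return False
    salt, stored = profile[user]
    # Constant-time comparison so timing does not leak matching prefixes.
    return hmac.compare_digest(H(attempt, salt), stored)


def stored_bit_lengths(profile: dict) -> set:
    """Property 3 check: every stored hash has the same bit length."""
    return {len(h) * 8 for _, h in profile.values()}


def plaintext_present(profile: dict, password: str) -> bool:
    """What an intruder who copies the profile finds: no plaintext x."""
    needle = password.encode("utf-8")
    return any(needle in salt + h for salt, h in profile.values())


if __name__ == "__main__":
    bank = {}
    enrol(bank, "alice", "correct horse")
    enrol(bank, "bob", "a much longer passphrase than the other one")
    print(login(bank, "alice", "correct horse"))  # True
    print(login(bank, "alice", "wrong"))          # False
    print(stored_bit_lengths(bank))               # {256}
```

A real password store uses a deliberately slow, password-specific hash (a key-derivation function) rather than a single SHA-256 call, so that guessing from a stolen profile stays expensive; the post's four properties are necessary but not sufficient for that.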
