Passwords have to be stored as hashes, so that they cannot be reversed. In addition, before hashing, a randomly generated number (the "salt") is added to the password, so that two equal passwords belonging to two different users generate different hashes. This makes it harder to crack multiple passwords.
Here's how the method works when a user registers:
1. A random salt is generated.
2. The password and the salt are concatenated.
3. The password+salt string is hashed N times.
4. The string iterations+salt+hash is stored in the database.
Here's how the method works when a user logs in:
1. The iterations, salt and hash are retrieved from the database.
2. The same hash is produced for the login password.
3. The login hash is compared with the database hash.
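The registration and login steps above, as an added Python example that is not code from the original page. SHA-256, the `$`-separated record layout, the salt length and the iteration count are assumptions made here; a deployed system would normally call a vetted KDF such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` rather than a hand-written loop.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed value for N
SALT_BYTES = 16       # assumed salt length


def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Concatenate password and salt, then hash the result N times."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def register(password: str, iterations: int = ITERATIONS) -> str:
    """Return the iterations+salt+hash string to store in the database."""
    salt = secrets.token_bytes(SALT_BYTES)  # random salt from the OS CSPRNG
    digest = stretch(password, salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash for the login password and compare it to the record."""
    try:
        iter_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if iterations < 1:
        return False
    candidate = stretch(password, salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users choosing the same password.
    alice = register("correct horse")
    bob = register("correct horse")
    print(alice != bob)                     # different salts, different records
    print(verify("correct horse", alice))   # right password
    print(verify("wrong guess", alice))     # wrong password
```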
Copyright © 2013 Welcome to the website of Davis Fiore. All Rights Reserved.