How databases store passwords securely

Table of Contents
  1. The server transforms the password using a hash function to create the fingerprint
  2. The database stores only the fingerprint and not the password
  3. The one-way hash function prevents retrieval of the password from a fingerprint
  4. The system regenerates the fingerprint whenever the user enters a password
  5. The system compares the regenerated fingerprint against the stored value to grant access
  6. But it’s possible to find the password from a fingerprint using a rainbow table
  7. A rainbow table is a map from pre-computed fingerprints to passwords
  8. So the system adds a salt to the password to invalidate rainbow table values
  9. A salt is a unique random string generated for each stored password
  10. The database stores the salt alongside the fingerprint
  11. The server combines the password with the saved salt to regenerate the fingerprint
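The eleven steps above, carried through as an added Python example (not code from the original note): a salted, slow one-way fingerprint is stored and later regenerated for verification, and a small constructed rainbow table shows why the unsalted fingerprint is the one an attacker can look up while the salted one is not. The iteration count and the use of PBKDF2-HMAC-SHA256 are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for the slow hash; an assumed value for this example.
ITERATIONS = 100_000


def fingerprint(password: str, salt: bytes) -> bytes:
    """Steps 1 and 11: one-way transform of password + salt into a fingerprint."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Steps 2, 9 and 10: what the database row holds: salt and fingerprint, never the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    return {"salt": salt.hex(), "hash": fingerprint(password, salt).hex(), "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Steps 4 and 5: regenerate the fingerprint with the stored salt, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def unsalted_sha256(password: str) -> str:
    """Steps 6 and 7: an unsalted fingerprint is the same for every user with that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed toy rainbow table: pre-computed unsalted fingerprint -> password.
RAINBOW_TABLE = {unsalted_sha256(p): p for p in ("password", "123456", "letmein")}


def rainbow_lookup(fingerprint_hex: str) -> Optional[str]:
    """Returns the password if the fingerprint was pre-computed, else None."""
    return RAINBOW_TABLE.get(fingerprint_hex)


if __name__ == "__main__":
    record = make_record("letmein")
    print("stored row:", record)
    print("login ok:", verify("letmein", record), "| wrong password:", verify("letmeout", record))
    # Step 8: the same password yields a different fingerprint under a different salt.
    print("same salted hash twice?", make_record("letmein")["hash"] == record["hash"])
    print("unsalted lookup:", rainbow_lookup(unsalted_sha256("letmein")))
    print("salted lookup:", rainbow_lookup(record["hash"]))
```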

TODO

Break down each of the concepts from this node
