What Is Hashing?
Over the years, technology has transformed our daily lives and created resources from which we can get useful information at our fingertips, making our lives faster and easier. We can get almost any piece of information from the web in a fraction of a second. We are all familiar with authenticating ourselves before fetching data or updating it on websites like Facebook, Twitter, StackOverflow, and many more.
But how do you authenticate yourself? Just by passing a username and password, you can log in to your account and access your data, right? Now the question arises: how secure is your data?
Billions of records of personal information are stolen every year in cybersecurity attacks, simply because attackers crack your password and take everything in your account. So, can we say that this is the user's mistake? No, because when you log in to your account your username and password are stored in the backend, and attackers steal the password from that backend. So it is the backend team's responsibility to store your password in a way that nobody can recover it.
This is where hashing comes into the picture. There are many different techniques and algorithms that companies use to secure our passwords. Let's talk about hashing.
What is Hashing?
Hashing is a one-way function that maps our data to a fixed-length value. It converts any form of data into a string of text from which the original cannot be recovered. Let's understand this with an example:
Suppose I am using Paytm as my username and password. Then the hashed value of the password, i.e. Paytm, will look like this:
Paytm - yqegdmvosuiiaycbghjhtslkaiu
Now suppose we use the same password for our social networks like Facebook and Twitter: the same hash value for our password will be saved in each of their data centers. If an attacker steals the hash from one data center, there is a chance that both of your accounts will be compromised. The disadvantage of plain hashing is that it generates the same hash value whenever the same password is used, even across different accounts. This is where salting comes into the picture.
What is Salting?
In the above example, we see that the same hash value is generated for the same string, i.e. Paytm. The same hash value for the same password means our accounts are not secure. To overcome this problem we use salting.
Salt is random data used as an additional input to the hash function. To keep it simple, let's take the same example: we have seen the hash value of the string Paytm above. Salting is nothing but random data that is mixed into the hashing of that string.
In the above example, random data is added during hashing. Every time, a different random salt is generated for the same string, or in other words, a new hashed password is generated each time. When a salt is added, our stored password becomes more secure.
To understand hashing more clearly, let's walk through a code example in which we take a string password and convert it to a hash using the bcrypt library.
What is bcrypt?
bcrypt is a Node library that hashes passwords. You can read about bcrypt on Wikipedia.
You need to install this library via NPM. Use the following command to install bcrypt:
npm install bcrypt --save
The following example illustrates code to hash the string value using bcrypt.
You will get the following output on the console.
If we observe the output of the password in Fig-2, we see three $ characters dividing the whole hash value into three groups. Let's understand them one by one.
- $2b$ identifies the version of the bcrypt algorithm.
- $10$: 10 is the cost factor (salt rounds) that we pass in the above code example, i.e. bcrypt.genSalt(10);. If we pass 15 inside the parentheses, 15 salt rounds will be used to generate the random salt.
- The third part is the first 22 characters after the last $, which is the salt string.
The remaining characters are the hashed password.
So, finally, we get the hashed password that secures our data. Even if an attacker obtains the stored hash, they cannot recover the password from it and log in as the victim.
You can go through the StackOverflow solution also:
With that said, most of the time you can and should use a hashing algorithm to secure stored passwords, and you can use any well-established library to hash your users' data for better security.
Keep reading and Keep learning!!!