2

Although it seems like trivial that developers should hash the credentials before saving to a database, I can't understand why is this needed.

Passwords were invented to keep some users from seeing some private data, which belongs to someone else. For example, chat applications make use of passwords to only let aithenticated users see and send messages.

Say one such application holds the passwords in plain text. If a hacker gets access to the database, they will be able to both see the data, and change it.

Now say that the passwords are held hashed. This should not change anything, since if the attacker gets access to the database, even though they cant see the actual passwords, they should be able to both see the data, and again, change it.

With these lines of reasoning, one can argue that, the second case is more advantageous when attackers can only see the data, and not change it. But, if the attackers can both see and change the data, then hashing would be useless.

What is the rationale behind hashing then?

Deniz Basgoren
  • 73
  • 6
  • 2
    I'm voting to close this question as off-topic because it's not about programming – jonrsharpe Dec 25 '18 at 20:43
  • 3
    But hashing prevents hackers from easily accessing the plaintext passwords; it matters because passwords are *frequently reused elsewhere*. – jonrsharpe Dec 25 '18 at 20:44
  • See https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords – kelalaka Dec 25 '18 at 20:50
  • I dont think that it is the developers' responsibility to keep others' websites safe. If a user uses same password on all websites, then it is their fault, not developers'. just as when they pick "password" as password – Deniz Basgoren Dec 25 '18 at 20:52
  • 2
    Well, then it is not the responsibility of the police to protect you, too. There application/methods for generating passwords for different sites. Read the link I commented. And, if you are not satisfied please ask at [Information Security](https://security.stackexchange.com/) – kelalaka Dec 25 '18 at 21:11

2 Answers2

1

There are many ways passwords can leak and it is much easier to get read access to the database, than write access.

  1. With SQL-injection an attacker can get read access to the database, so he can see the hashes, but he cannot use them to login.
  2. On thrown away backups and discarded servers one can often find sensitive data, once again this is read-only, one cannot use the learned password to impersonate a user.
  3. Passwords are often reused, learning a plain text password on site A can make it easier to login on site B. Again a hash is preventing this.
martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
1

People tend to reuse passwords. Imagine someone hacked moddedandroid.ru so someone can log in to your stackoverflow account.

tomitheninja
  • 497
  • 2
  • 13