· 2 min read
How computers generate passwords
A brief discussion of how a computer creates a password with three components: random numbers, hashing, and salting.
Generating a password involves three key components: random number generation, password hashing, and password salting. In the following sections, we expore each of this components.
Random number generation
A random number generator (RNG) is a device or algorithm that produces a sequence of numbers that can’t be predicted. RNGs can be hardware-based or pseudo-random number generators (PRNGs). PRNGs, used by computers, start with a number called a seed. The algorithm processes the seed and gets a new number with no traceable connection to the old, and the new number becomes the next seed.
Password hashing
Password hashing is the process of converting a password into an unrecognizable series of characters. This is done using a hashing algorithm. The hashed password is stored in a password database, and when you log in a web site, the password that you enter is hashed and compared to the stored hash. If they match, your access is granted. Hashing is secure because it’s a one-way operation. Given a hashed password, there’s no efficient way to reverse-engineer it to get the original password.
Password salting
While password hashing is a key step to protecting passwords, it’s not infallible because a hash algoritm produces a hash in a consistent way. This means it is predictable and can be beaten by dictionary attacks or rainbow table attacks. To protect against this, we add a salt to the password.
A salt is a string of random characters added to each password before it’s hashed. Salting enhances the uniqueness and difficulty of generated password hashes. Before hashing the passwords, salts are added to either the end or the beginning of the original password value. This creates unique passwords even when multiple people use the same password.
Wrapping up
The process of generating a secure password involves a combination of random number generation, password hashing, and password salting. Each of these steps contributes to the overall security of the password, making it difficult for malicious actors to gain access to your accounts. While these steps in password generation are important, your best defense against someone hacking your password is to follow these best practices.
- security
- passwords