Extracted from xkcd: https://xkcd.com/538/

Remember the good old days when you were passing love notes to your crush across the classroom? Chances are you had to pass that note to your friend > another friend > and another friend before it reached your crush. And friends are the worst; you can’t trust them with your secret message. So you probably established some kind of code between you and your crush beforehand. The message makes sense to both of you but looks like gibberish to the people in between. That’s what we call encryption.

🚨 JARGON ALERT: Encryption and hashing are similar; they both turn words into gibberish. The difference is that encryption is reversible, while hashing is (almost) irreversible. For passwords, we use hashing.

HOW PASSWORDS ARE STORED IN COMPANIES

1. Plain text (Can you hear me shaking my head?)
2. Hashed passwords
3. Salted hashed passwords

Responsible companies hash your passwords. They take the password you type into their sign-up page, turn it into gibberish, then store that gibberish in their database. In the event a hacker flirts with your database administrator and gains access to the database, all they’ll see is the gibberish. They can’t just copy your gibberish password and paste it into the login page, because the algorithm will make gibberish out of the gibberish. I’ll let that sink in.

How making gibberish out of gibberish protects you from a hacker

Even more responsible companies salt your passwords. Meaning, they “add random characters at random positions” to your password entries before sending them for hashing. For example, you enter a shitty password — “Password”. With salting, the algorithm adds a few characters to it, so it becomes something like “xyzPassword123”. “Password” is in the dictionary; “xyzPassword123” is not. This makes guessing the actual password way tougher ☝️.
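To make the three storage styles above concrete, here is an added Python example (not from the original post) showing why a leaked unsalted hash can be looked up in a precomputed table, why pasting the stored gibberish into the login page fails, and why a per-user random salt defeats the lookup. The word list and the 16-byte salt are constructed for illustration, and PBKDF2-HMAC-SHA256 stands in for whatever slow hash a real site uses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample: a short list of common passwords, standing in for a dictionary.
COMMON_PASSWORDS = ["123456", "Password", "qwerty", "letmein"]
ITERATIONS = 100_000  # work factor for the slow hash


def hash_unsalted(password: str) -> str:
    """'Hashed passwords' column: the same password always maps to the same gibberish."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """'Salted hashed passwords' column: mix a per-user random salt into a slow hash.

    PBKDF2-HMAC-SHA256 is used instead of a bare SHA-256 because real systems
    pick a deliberately slow hash so each guess costs the attacker real time.
    The record keeps everything needed to verify later: iterations$salt$digest.
    """
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def store_salted(password: str) -> str:
    """Sign-up: draw a fresh random salt for this user, then hash."""
    return hash_salted(password, secrets.token_bytes(16))


def verify_salted(password: str, record: str) -> bool:
    """Login: re-hash the typed text with the stored salt; compare in constant time.

    Pasting the stored record itself as the 'password' fails, because the record
    gets hashed again and the result does not match (gibberish out of gibberish).
    """
    iterations, salt_hex, _ = record.split("$")
    candidate = hash_salted(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, record)


def lookup_precomputed(leaked_digest: str) -> Optional[str]:
    """Why unsalted hashes leak: a table of hash(word) for common words maps a
    leaked digest straight back to the word. A salted digest is never in the
    table, since the salt is unknown and different for every user."""
    table = {hash_unsalted(word): word for word in COMMON_PASSWORDS}
    return table.get(leaked_digest)
```

Two users who both pick “Password” get identical unsalted hashes but different salted records, which is the whole point of the salt.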