A password is used to log in to most websites and services. But why do people tell you that “potato” isn’t a good password to use? And why should you use a different password for every website?<\/p>\n\n\n\n\n\n\n
I’ll keep this section short, but there’s a few things you *need* to know for this part.<\/p>\n\n\n\n
Don’t worry, this isn’t math. The theory behind it is math, but I’ll try to skip most of it.<\/p>\n\n\n\n
First, we’ll explain what a *hash value* is. A hash value is a kind of word with a fixed amount of characters. Here, we’ll use a popular hash value length of 16 characters. An example of such a hash value looks like this:<\/p>\n\n\n\n
c257d3eea046aff0d2613da918ca424d<\/strong> <\/p>\n\n\n\n It doesn’t make any sense to a human, it’s just the result of a mathematical calculation.<\/p>\n\n\n\n This hash value is the result of a so-called hash function<\/strong>. A hash function is nothing more than a mathematical function that asks for anything, usually a word, sentence or even a password, and uses it mixed with some black magic to generate a hash value. Examples include:<\/p>\n\n\n\n As you can see, even if we use a long password, the length of the hash value doesn’t change. Why is this useful? Imagine this:<\/p>\n\n\n\n Say you have a hash value length of just 1 character. Say the words potato<\/strong> and password<\/strong> both result in a hash value of B<\/strong>. Now, if you just saw this B, could you tell me which word was used?<\/p>\n\n\n\n No, you couldn’t, and that’s the most important thing we use hash functions for. Every hash value has an infinite amount of words that have it as result. If I gave you the hash value from the beginning, could you tell me which word I used? No, no one can. The only way to get to the hash is to know what word I used.<\/p>\n\n\n\n (Note: I said there are an infinite number of words that result in the same hash value, and that’s true, but there are a *lot* of combinations you’d have to try. For the most popular hash function you’d need to try 13,407,807,929,942,597,099,574,024,998,205,846,127,479,365,820,592,393,377,723,561,443,721,764,030,073,546,976,801,874,298,166,903,427,690,031,858,186,486,050,853,753,882,811,946,569,946,433,649,006,084,096 different words before you have a chance (which is close to the amount of atoms in the universe), so attempting it is futile. If you’re feeling smart, do try to find out what sentence I used at the beginning. The hash function is called MD5.)<\/p>\n\n\n\n That was a lot of math, wasn’t it? Let’s ease up now. To sum up:<\/p>\n\n\n\n Some of you might say “But wait a second! You listed some above, so I know for sure that 8ee2027983915ec78acc45027d874316<\/strong> is the hash value of potato<\/strong>!” And yes, you’re completely right! This is an important point and we’ll get back to it later.<\/p>\n\n\n\n What are hash functions useful for? Imagine this: You log into a website with a username and a password, which saves both. The website data gets out somehow, and now you have your password on the internet. Ugh.<\/p>\n\n\n\n But imagine if the website didn’t save your password, but just the hash value<\/strong> of your password! That way, if the data got out, no one would know your password because they just knew the hash values (and remember, you can’t know what word it was generated with)! In fact, this is how websites these days work.<\/p>\n\n\n\n Now, if you can’t know the word that was used, why do we need to use good passwords? I can just use potato<\/strong>, and no one will know because the password is hashed! Right?<\/p>\n\n\n\n …but wait a second. I listed the hash value of potato<\/strong> up there. It’s no longer secret. If people just search for 8ee2027983915ec78acc45027d874316<\/strong>, they will find this and know it’s the result of potato<\/strong>!<\/p>\n\n\n\n This is how it works in the real world. Surely you have seen articles about “These are the 10 most used passwords<\/em>” and so on. All the evil people do is take a list like that (for example this one<\/a>), generate the hash value of each of them, and then they have a list! Try it yourself here<\/a>! Take each of the hash values in the list above and paste them into the site. You’ll see that only one of them cannot be found, and that is the long complicated password! (of course, at some point the website will find it, because I just posted it here.)<\/p>\n\n\n\n I didn’t even have to tell you, because you just saw with your own eyes that more complicated passwords are more secure!<\/p>\n\n\n\n Now, why should you use different passwords on different sites? Because, as it turns out, programmers are lazy. Why use this fancy pants hash thing if you can just save the password<\/a>? No one will hack us anyways, right?<\/p>\n\n\n\n …even the best hash function can’t save you if it isn’t used.<\/p>\n\n\n\nThe useful part<\/h2>\n\n\n\n
Different passwords<\/h3>\n\n\n\n
Summary<\/h2>\n\n\n\n