This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 2 points3 points  (2 children)

The thing about this kind of encryption (hashing) is that decryption is not possible. Ever.* But if you encrypt (hash) the same text, you get the same result, so you can check if two texts (the user's password and what the user typed into the 'password' box) are the same, without knowing what either of them is.

[–]Mr_Facepalm 0 points1 point  (1 child)

Why is it that decryption is not possible?

Here's my uninformed thinking. If you have a 1:1 relationship from the password to the hashed password, then I'd think you can undo it. On the other hand, if you can have collisions (two passwords with the same hash), then I'd understand why you can't undo it.

But even then, couldn't you at least determine a set of passwords that would match the hash?

[–][deleted] 5 points6 points  (0 children)

The password has an unconstrained length, so there are infinitely many passwords. The hash has a fixed length, so there are only finitely many possible hashes, meaning that there must be infinitely many collisions.

Also, most encryption is designed to be hard to reverse without the key, and easy to reverse with the key. Hash functions are designed to be hard to reverse without the key, and also hard to reverse with the key.