So, hashes are useful because they change password/login name/salt value combinations to a code that cannot be reversed. The client sends this hash to the server. The server compares the hash to a list of stored hashes to see if the client’s user may be granted access.
But how do I prevent a malicious user from intercepting the hashed password and writing his own client that sends this hash to the server?
Hashes are useful if someone gets hold of a backup of your database or gets read-only access to the live DB. They can't then work out the password and send it to your live system. This is why you salt them, so that a hacker with read-only access cannot set his password and then look to see if anyone else has the same password.
As you have pointed out, they don't stop request interception (man-in-the-middle attacks). To stop that you need to use secure connections with packet encryption and signing. HTTPS and SSL are the most common ways to do this.
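The salting point made in the answer above, as an added example that is not part of the original thread: it simulates an attacker with read-only access to the user table who sets his own password and then looks for other users with the same stored value. The user table, the user names, the password-hashing scheme (PBKDF2-HMAC-SHA256, chosen here for illustration) and the iteration count are all assumptions of this example, not something the thread specifies.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Parameters are assumptions for this example; pick them to suit your deployment.
SALT_BYTES = 16
PBKDF2_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor in the range OWASP suggested in 2023


def unsalted_hash(password: str) -> str:
    """The weak scheme: same password always yields the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>.

    A fresh random salt is drawn per call, so two users with the same password
    (or one user re-setting the same password) get different stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the salt and iteration count stored in the record."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so verification timing does not leak digest bytes.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def users_sharing_attackers_password(table: Dict[str, str], attacker: str) -> List[str]:
    """What a read-only attacker can do: compare every stored value with his own.

    He knows his own plaintext, so any other row with an identical stored value
    belongs to a user who chose the same password.
    """
    mine = table[attacker]
    return sorted(u for u, stored in table.items() if u != attacker and stored == mine)


def build_tables(shared_password: str = "password123"):
    """Constructed sample data: 'alice' and the attacker 'mallory' chose the same password."""
    unsalted = {
        "alice": unsalted_hash(shared_password),
        "bob": unsalted_hash("correct horse battery staple"),
        "mallory": unsalted_hash(shared_password),
    }
    salted = {
        "alice": hash_password(shared_password),
        "bob": hash_password("correct horse battery staple"),
        "mallory": hash_password(shared_password),
    }
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, mallory finds:", users_sharing_attackers_password(unsalted, "mallory"))
    print("salted,   mallory finds:", users_sharing_attackers_password(salted, "mallory"))
    print("alice login ok:", verify_password("password123", salted["alice"]))
```

With the unsalted table the attacker immediately learns that alice's password is his own; with per-user salts the two records differ and he is back to guessing offline against each salt individually. Note that the server still has to receive the plaintext password over TLS to run `verify_password`; if the client sent a precomputed hash instead, that hash would itself be the secret and could be replayed exactly as the question describes.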