
Password Cracking I: Terminology (Hashes, Salts)

Cyber Security Mastery: From Zero to Hero

The Fundamentals of Cracking

Password cracking is the process of recovering a password from its stored, hashed form (the hash). This usually occurs after an attacker has stolen a database of hashes.

Hashes (Review)

A hash is a one-way representation of data. Modern systems use functions like SHA-256 for password hashing. We cannot reverse the hash directly, so cracking works by hashing candidate passwords and comparing the results with the stolen hash.

Salting

Before hashing, a unique, random string called a salt is added to the password: Hash(Password + Salt) = Hashed Password.

  • Why Salt? Salting prevents attackers from using rainbow tables (pre-calculated hash lists). Since every user has a unique salt, the same password (e.g., '123456') yields a different hash for every user, requiring the attacker to crack each hash individually.
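
The effect of salting described above, as an added example that is not part of the original course material. It assumes a 16-byte random salt prepended to the password and stored next to the digest; the user names and the three-entry lookup table (standing in for a rainbow table) are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_unsalted(password):
    """SHA-256 of the password alone: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per user (assumed 16 bytes)."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()

def verify(password, salt, stored_digest):
    """Login check: re-hash the attempt with the user's stored salt, compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

# Constructed stand-in for a rainbow table: precomputed hashes of common passwords.
PRECOMPUTED = {hash_unsalted(p): p for p in ["123456", "password", "qwerty"]}

def table_hits(digests):
    """Count stored digests that a precomputed table resolves with a single lookup."""
    return sum(1 for d in digests if d in PRECOMPUTED)

def demo():
    users = ["alice", "bob", "carol"]  # constructed users, all choosing '123456'
    unsalted = [hash_unsalted("123456") for _ in users]
    salted = [hash_salted("123456") for _ in users]
    salted_digests = [digest for _, digest in salted]
    return {
        "unsalted_distinct": len(set(unsalted)),          # one hash shared by all users
        "unsalted_table_hits": table_hits(unsalted),      # every account falls to the table
        "salted_distinct": len(set(salted_digests)),      # a different hash per user
        "salted_table_hits": table_hits(salted_digests),  # the precomputed table is useless
        "logins_ok": all(verify("123456", s, d) for s, d in salted),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

SHA-256 is used here only because it is the function the page names. A salt defeats precomputation but does not slow down guessing against a single hash, which is why production systems pair the salt with a deliberately slow function such as `hashlib.scrypt`.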