3. ELI5: For most websites, when you enter your login info incorrectly, why can't t...

ELI5: For most websites, when you enter your login info incorrectly, why can't the website tell you specifically whether the username or the password is incorrect?

That would be the same if you had a plain-text password column on the user table.

If the site stores plaintext passwords then you can do a single database call - "fetch record where username='foo' and password='letmein' ". Doing that means if either the username or password is incorrect you get no records back and don't know why.

However...

the hashed password comparison doesn't match, you still don't really know if it was the username or password that's wrong, for sure. The password might be correct for sar, and it's the username that has a typo.

That's true if the site is just hashing, but that's only a small step up in security terms from just storing as plain text, and no site should be doing it.

Instead passwords should be salted, which is like taking a password and adding an extra random string to it. That means the record in the db becomes

user='sat' salt='8m072b3s5' password=hash(bestpassword8m072b3s5)

Because of that salt you can't just check for "user='sat' and password=hash(bestpassword)" in one go, you have to first load the user, then add their salt to the password, then check if the password is correct.

/r/explainlikeimfive Thread Parent
Previous
Next

Recently removed from /r/explainlikeimfive

Eli5 What’s the difference between declaring bankruptcy and just being broke? Eli5: How do music producers (Especially Hip Hop producers) sample a stem from a song without taking the rest of the song with it? ELI5: Why is a 12V battery in a car so dangerous to short circuit but a normal 12V battery is harmless? ELI5: How do our brains remember things? ELI5 Why do we feel pain and how does our body know when to stop feeling it? ELI5: How are you able to go to bed super hungry, but wake up the next morning and not feel the need to eat anything? ELI5: where is the ringing noise coming from with tinnitus?? can’t google because it thinks im asking how people get tinnitus… Eli5 - Why do shows like American Idol and The Voice have such a low rate of producing/finding people who can be a commercial success? ELI5: What are "deductibles" in the context of medical insurance? If you're paying insurance, why do you still get charged an often large part of your medical expenses when you have an accident? ELI5 is looking for new moderators! ELI5 How do alligators & crocs, too I suppose, swim underwater in sandy, marshy water and not react to sand getting in their eyes? eli5: In the days of muskets, why did armies March straight towards each others fire? ELI5: Why do certain countries have ridiculous amount of hydrocarbons(oil and natural gas) and the countries right next to them have virtually none? Eli5: what exactly is a virus and are viruses alive? ELI5: How does a variable-yield nuclear weapon work to allow the operator to control the strength of the explosion?

More Random Comments

Be selective with your thoughts Advice - ddressing racial diversity in my story [Weekly Discussion and Question Thread] Post Here with Simple Questions, Conversational Topics, or Requests for Guidance New Rules Regarding Playlists & Articles Is the instruction in CS 225 particularly bad? ‘Untold human suffering’: 11,000 scientists from across world unite to declare global climate emergency. ‘Despite 40 years of major global negotiations, we conduct business as usual and have failed to address this crisis,’ group says. How should I play this character? The Real Reason Tier Sets Were Removed [Serious] Why does everyone besides RLM give Rogue One a pass? Here's the deal: "Show me your ID or go to jail" Flexible Spider-Man Dispensary put someone else's patient info on my meds. Should I start masturbating? Budgeting app for couples, Can't seem to find what will work for us Relevante ao momento da nossa justiça