this post was submitted on 05 Jul 2024
94 points (99.0% liked)

Cybersecurity

5700 readers
291 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Zomg 1 points 4 months ago* (last edited 4 months ago)

The databases aren't encrypted exactly...

The DB don't even store passwords, but a hash of a user's password. When someone logs in, their password is hashed and compared to what's stored in the DB. If they match, entry is granted.

Passwords stored as one-way hashes are cracked by generating passwords and running them against the same hash algorithm, like sha256, sha-1 or md5 if you're especially shitty at protecting information. Same hash = same password in most cases. The cracking is done using GPUs because they accelerate at those types of functions. This doesn't even consider salted hashes which make the process more difficult for an attacker.

You do this locally so that you don't lock a username out or trip alerts or become noticed by someone until you're ready to gain access.