Password hashing: An alternative to storing passwords in cleartext as the original input characters; instead, the hashing process algorithmically generates a hash (or digest) from the password, and that digest is what gets stored. (Auth0's tutorial: Here)
Hashing principles:
Deterministic
Feasible to generate (practically and computationally)
Difficult to reverse-engineer with only the hashed value (preimage resistance); "small" changes to the input produce "large", unpredictable changes in the output (the avalanche effect)
Best practices change with increased availability of computing power or from known security flaws
Hashing methods produce a fixed output length regardless of input size (SHA-256, for example, always yields 256 bits, usually shown as 64 hexadecimal characters)
Commonly used algorithm families include SHA (Secure Hash Algorithms) and MDx (Message Digest)
Salting: The backend addition of a string (the salt) to a password before hashing to increase complexity. Can be done on an individual user basis, with a different salt per user. Mitigates the deterministic vulnerability of hashes: identical passwords no longer produce identical stored hashes.
Collision attacks exploit the fact that multiple inputs can produce the same hash, which can lead to incorrect or harmful data being validated as if it were legitimate.
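A worked example of the hashing principles and salting above, added here and not taken from the page or the Auth0 tutorial: it checks determinism, the fixed 64-hex-character output and the avalanche effect on SHA-256, then stores passwords as a random per-user salt plus a PBKDF2-HMAC-SHA256 digest (an iterated construction over SHA-256, used instead of one bare SHA-256 call so that offline guessing stays expensive). The sample passwords and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2 iteration count (an assumption here; tune it to your hardware).
ITERATIONS = 600_000


def sha256_hex(data: str) -> str:
    """Return the SHA-256 digest of `data` as a 64-character hex string."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash `password` with a fresh random per-user salt.

    The stored record is 'salt$digest' in hex. The salt is not secret, but it
    makes equal passwords yield different records and defeats precomputed
    tables; PBKDF2 iterates HMAC-SHA256 so each guess costs real work.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("deterministic:", sha256_hex(pw) == sha256_hex(pw))
    print("fixed length:", len(sha256_hex("a")) == len(sha256_hex(pw * 50)) == 64)
    print("bits changed by a one-char edit:", differing_bits(sha256_hex(pw), sha256_hex(pw + "!")))
    # Two users with the same password get different stored records.
    alice, bob = hash_password(pw), hash_password(pw)
    print("salted records differ:", alice != bob)
    print("verify ok:", verify_password(pw, alice), "| wrong password:", verify_password("guess", bob))
```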