I have a question regarding the purpose of hashing passwords. I understand that hash functions are a one way pseudo random algorithm that turns a string into a seemingly random n-bit string (depending on the hash). Sure, this means that they cannot be reversed to find the original string and they do not need to be stored as plain text in a database. But if the hashed passwords were to be obtained or leaked in any way, what is stopping someone from performing the same hash function on them to crack the passwords? There exist a few number of hash generators online such as MD5, SHA-1 and SHA-256 that anyone can (potentially) use to brute-force or dictionary attack a list of hashed passwords if they wanted to.
Maybe the idea is that one does not know what hashing function was used to generate the hashes? But even then the length of the hash itself could give it away. Maybe it's because hashes take a while to compute? But couldn't online generators speed up the process by mapping lists of words to certain hashes?
Any help or understanding would be greatly appreciated!
