0

I'm trying to understand encryption vs hashing. Right now, I understand that with encryption, if you have the key, you can decrypt a ciphered text back to its original form. With hashing, it's a one way process. Knowing this, it's not clear to me how you can verify that a user entered the correct password. Do you hash what they provided with the algorithm, salt, and iterations, and see if it matches the stored hash?

Also some explanation to differentiate the terms 'hash', 'hashkey', and 'key' in this area would be nice.

ladyboyclown
  • 23
  • 2
  • Yes, you hash what they provided and compare the result. (That's why the stored password hash includes the parameters used to create the hash.) – rici Oct 27 '22 at 17:47
  • 2
    Does this answer your question? [What is password hashing?](https://stackoverflow.com/questions/1602776/what-is-password-hashing) – thedemons Oct 27 '22 at 17:48
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Oct 28 '22 at 08:45

0 Answers0