• Zomg@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    4 months ago

    The databases aren’t encrypted exactly…

    The DB don’t even store passwords, but a hash of a user’s password. When someone logs in, their password is hashed and compared to what’s stored in the DB. If they match, entry is granted.

    Passwords stored as one-way hashes are cracked by generating passwords and running them against the same hash algorithm, like sha256, sha-1 or md5 if you’re especially shitty at protecting information. Same hash = same password in most cases. The cracking is done using GPUs because they accelerate at those types of functions. This doesn’t even consider salted hashes which make the process more difficult for an attacker.

    You do this locally so that you don’t lock a username out or trip alerts or become noticed by someone until you’re ready to gain access.