Password hashing is a security technique that applies a mathematical algorithm to a password, transforming it into a fixed-length string of characters called a hash. Unlike encryption, hashing is a one-way process: you cannot reverse the hash to retrieve the original password.
When you create an account, the service hashes your password and stores only the hash. When you log in later, the system hashes what you type and compares it to the stored hash. If they match, you gain access.
Why it matters: If attackers breach a database, they get hashes rather than passwords. A strong hash function makes it computationally expensive to recover passwords from those hashes, protecting users even when a database is compromised.
Common hashing functions include:
MD5 and SHA-1: Outdated and insecure for passwords
SHA-256: Better, but a fast hash is still vulnerable to brute-force attacks
bcrypt, scrypt, Argon2: Modern algorithms designed to be deliberately slow, making attacks impractical
What to watch for: Weak hashing functions offer false security. Services using MD5 or unsalted hashes provide minimal protection. Reputable services use modern algorithms that incorporate salts (random data added to passwords before hashing), which prevent attackers from using pre-computed hash tables.
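The register-then-verify flow and the salt described above, shown as an added example (not code from the original article): each password gets a fresh random salt and is hashed with scrypt from Python's standard library; the cost parameters and the record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters (assumed illustrative values; tune for your hardware)
SCRYPT_N = 2 ** 14   # CPU/memory cost, must be a power of two
SCRYPT_R = 8         # block size
SCRYPT_P = 1         # parallelism
SALT_BYTES = 16      # 128-bit random salt per password
DKLEN = 32           # derived hash length in bytes

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'scrypt$n$r$p$<salt-hex>$<hash-hex>'.

    A fresh random salt is generated unless one is supplied, so two users
    with the same password end up with different stored hashes and a
    precomputed table for one salt is useless against another.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-hash the login attempt with the stored salt and parameters,
    then compare in constant time so timing does not leak how many bytes matched."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False                      # unknown or malformed record
    try:
        n, r, p = int(parts[1]), int(parts[2]), int(parts[3])
        salt, expected = bytes.fromhex(parts[4]), bytes.fromhex(parts[5])
    except ValueError:
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```

Only the record string is stored; the plaintext password never is, and a second call with the same password produces a different record because the salt differs.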
As a user, you cannot control whether a service hashes passwords well, but you can choose services with transparent security practices and use unique passwords everywhere. This way, if one service suffers a breach, your other accounts remain protected.
