How Database Stores Passwords Securely


Databases store passwords securely using a combination of cryptographic techniques to prevent unauthorized access. Here’s a breakdown of the process:

  1. Hashing: The server transforms the password with a one-way hash function (e.g., SHA-256, bcrypt) to produce a fixed-length fingerprint that cannot be reversed to recover the password.
  2. Salting: A unique random string (salt) is added to the password before hashing to prevent rainbow table attacks.
  3. Storage: The database stores only the hashed password and salt, never the plaintext password.
  4. Verification: When a user logs in, the system rehashes the entered password with the stored salt and compares it to the stored hash.

You Should Know:

1. Generating a Secure Hash (Linux/Windows)

  • Using `bcrypt` (Linux):

    # Install the bcrypt package for Python
    pip install bcrypt

    # Generate a hashed password; gensalt() creates a fresh random salt and embeds it in the output
    python3 -c "import bcrypt; print(bcrypt.hashpw(b'yourpassword', bcrypt.gensalt()))"
    

  • Using PowerShell (Windows):

    # Generate SHA-256 hash ($input is a reserved automatic variable, so use another name)
    $password = "yourpassword"
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($password))
    # BitConverter separates bytes with dashes; strip them to get plain hex
    $hashed = ([System.BitConverter]::ToString($bytes)) -replace '-', ''
    Write-Output $hashed
    

2. Adding Salt Manually

  • Bash (Linux):

    # Generate a random 16-byte salt, printed as 32 hex characters
    salt=$(openssl rand -hex 16)
    echo "Salt: $salt"

    # Hash the password concatenated with the salt (-n avoids hashing a trailing newline)
    passhash=$(echo -n "yourpassword$salt" | sha256sum | awk '{print $1}')
    echo "Hashed Password: $passhash"
    

3. Preventing Rainbow Table Attacks

  • Always use unique salts per user.
  • Use slow hashing algorithms like bcrypt, scrypt, or Argon2.

4. Storing Hashes in a Database (SQL Example)

CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50) UNIQUE,
    password_hash CHAR(64),  -- SHA-256 hash (64 hex characters)
    salt CHAR(32)            -- Random salt (16 bytes as hex)
);

5. Verifying Passwords in Code (Python)

import bcrypt

# Stored data (from DB); a bcrypt string carries its cost and salt alongside the hash
stored_hash = b'$2b$12$saltandhash...'
user_input = "userpassword"

# Verify: checkpw reads the salt from stored_hash, rehashes the input and compares
if bcrypt.checkpw(user_input.encode(), stored_hash):
    print("Access granted!")
else:
    print("Invalid password!")
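As an added end-to-end example (not code from the original post), the following Python ties sections 2 to 5 together: it salts and hashes with the standard library's PBKDF2-HMAC-SHA256 (a stand-in for bcrypt chosen because it needs no third-party package), stores the result in an in-memory SQLite version of the users table, and verifies a login with a constant-time comparison. The iteration count, the single-column record layout, the dummy-record lookup and the sample data are my own choices, not the article's.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed parameter: 100_000 iterations keeps this demo fast; production
# deployments should use a higher count or bcrypt/scrypt/Argon2 as advised above.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex,
    drawing a fresh 16-byte salt per call unless one is supplied."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Rehash with the stored salt and iteration count; compare in constant time
    so a wrong guess is not distinguishable by how long the comparison takes."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)

# Checked when the username does not exist, so that a failed lookup takes as
# long as a failed password and does not reveal which usernames are valid.
DUMMY_RECORD = hash_password("not-a-real-password")

def create_db() -> sqlite3.Connection:
    """In-memory stand-in for the users table; the salt lives inside the record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE, password_hash TEXT)")
    return conn

def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 (username, hash_password(password)))

def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    ok = verify_password(password, row[0] if row else DUMMY_RECORD)
    return ok and row is not None
```

Registering two users with the same password yields two different records, which is the per-user salt doing its job against precomputed tables.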

What Undercode Says

Password security is critical in system design. Always:

  • Use strong hashing algorithms (avoid MD5/SHA-1).
  • Implement per-user salts.
  • Rate-limit login attempts to prevent brute force.
  • Consider pepper (a global secret key) for extra security.

Expected Output:

Hashed Password (SHA-256 with Salt): a1b2c3... 
Stored in DB: { hash: "a1b2c3...", salt: "s1a2l3t..." } 


Reported By: Nk Systemdesign – Hackers Feeds