Hashing

Let's look at a simple example of hashing. Suppose that a user has the following password:
passw0rd!

If we directly store this text in the database, we will have a major security vulnerability.

passw0rd! → database
(⚠️ Bad idea! ⚠️)

So instead, we can first run the password through a one-way function that produces a jumbled up piece of text (which has no obviously discernible relationship to the original password). That jumbled up piece of text is the hash, and it might look something like this:

passw0rd! → hashing function → @kdF3lkAWoLA

So when the client interacts with the server, rather than directly sending the password, the client can instead send the hash:

passw0rd! → hashing function → @kdF3lkAWoLA → stored in database

This way, if someone gains access to the database, they will still not have access to the plain-text password.