Semicolony ELI5 · comic

Password hashing & salting.

Store a fingerprint of the password, with grit mixed in so two alike never match.

  1. Save it as-is? No.
    (panel: hunter2 · never store it raw)

    The cardinal rule: never store the raw password. Ever.

  2. hunter2 → 9f3a…

    Store a one-way fingerprint (a hash) instead: easy to compute, computationally infeasible to reverse.

  3. hunter2 + a8 → a1c9…
     hunter2 + k2 → 7b3f…
     (same password, different salt)

    Mix in a random, per-password “salt” first, and keep the salt next to the fingerprint (it isn’t secret). Identical passwords then get different fingerprints, so one precomputed table of fingerprints can’t be reused against every account at once.

  4. Fingerprints match.
    (panel: attempt 9f3a… = stored 9f3a…)

    At login, take the stored salt, fingerprint the attempt exactly the same way, and compare the two in constant time. Match? You’re in. The raw password is never kept, not even to check it.

  5. slow on purpose (bcrypt)

    Use a deliberately slow hash designed for passwords (bcrypt), and raise its cost setting as hardware gets faster, so trying billions of guesses is painfully expensive.

  6. …useless to me.
    (panel: 9f3a… 7b3f… a1c9… stolen hashes …useless)

    A stolen database is now far less useful: salted, slow fingerprints and no keys. Each account has to be guessed separately, one slow hash per guess. Weak or reused passwords can still be guessed this way, so salting and slow hashing buy time, not immunity.
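The six panels above, as one working example. This is an added illustration, not the comic's own code. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt so that it runs with no third-party packages (the same store-then-verify pattern applies to bcrypt, scrypt or Argon2id). The record format `algorithm$iterations$salt$hash`, the function names, and the short wordlist are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt: PBKDF2-HMAC-SHA256 from the standard library, chosen so
# this runs with no third-party packages. Prefer bcrypt, scrypt or Argon2id in
# production; the storage-and-verify pattern below is the same.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000     # the "slow on purpose" knob; tune so one hash takes ~100 ms on your servers
SALT_BYTES = 16          # 128-bit random salt, fresh for every password
DIGEST_BYTES = 32


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Panels 1-3 and 5: never keep the raw password; keep a slow, salted fingerprint.

    Returns a self-describing record 'algorithm$iterations$salt_hex$hash_hex' (a
    format assumed for this example), so the salt and cost needed at login travel
    with the fingerprint. The salt is random on every call, which is why two users
    with 'hunter2' end up with different records.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DIGEST_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(attempt: str, stored: str) -> bool:
    """Panel 4: fingerprint the attempt with the stored salt and cost, then compare.

    hmac.compare_digest runs in constant time, so a wrong guess cannot be told
    apart by how quickly the comparison fails. Malformed records verify as False.
    """
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, int(iterations), dklen=len(expected))
    except ValueError:            # bad field count, bad hex, non-numeric or non-positive cost
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a lower cost than current policy.
    Call it after a successful login and re-hash the (now known) password."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


# Panel 6, the attacker's view. Constructed sample wordlist, not real breach data.
COMMON_PASSWORDS = ["123456", "password", "hunter2", "qwerty"]


def unsalted_fingerprint(password: str) -> str:
    """What an unsalted, fast scheme stores: the same password always gives the same hex."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# One precomputed table cracks every unsalted account at once.
PRECOMPUTED = {unsalted_fingerprint(p): p for p in COMMON_PASSWORDS}


def crack_by_lookup(fingerprint_hex: str):
    """Rainbow-table style attack: instant, but only works when fingerprints are unsalted."""
    return PRECOMPUTED.get(fingerprint_hex)


def crack_by_guessing(stored: str, wordlist):
    """Against a salted, slow record the attacker must redo the full slow hash per
    guess, per account. Weak passwords still fall; each guess is just expensive."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")       # same password, different salt, different record
    print("alice:", alice)
    print("bob:  ", bob)
    print("login ok:", verify_password("hunter2", alice), " wrong pw:", verify_password("hunter3", alice))
    print("unsalted sha256 lookup:", crack_by_lookup(unsalted_fingerprint("hunter2")))
    print("salted lookup:", crack_by_lookup(alice.split("$")[3]))
    print("salted guessing, one slow hash per guess:", crack_by_guessing(alice, COMMON_PASSWORDS))
```

Running it shows the two halves of the comic's argument: the unsalted SHA-256 of hunter2 is found instantly in a precomputed table, while the salted record never appears in any table and has to be guessed per account at full cost; a password that is in the attacker's wordlist still falls, which is the caveat from panel 6.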

Store a salted, slow fingerprint — never the key itself.
Semicolony semicolony.dev/eli5/password-hashing/comic