It does a fast hashing algorithm in a loop, many, many times: val = hash(val). We configure how many times.
It's good for it to be slow, because the good guys only hash once, while the bad guys have to run it millions of times. So if we can force each run to be several seconds, then brute force doesn't work so well.
Yes, but it's the same meaning.
It replaces the password. So instead of storing "secret2023" we store 6a3c93c34fbfdc6727c19eb6df7836da
There are several commonly used algorithms. I used MD5 there.
The second insert doesn't work because username is a key, and so you can only have one row with that key. Fred and George can't both have that username.
The updated code catches the error that is raised and informs the user.
The database keeps track of the last auto_increment value generated in that connection. So as long as the connection persists, it doesn't matter how many others have signed up concurrently.
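The answers above on iterated hashing, the unique username key and the per-connection last-insert id, put together as an added example that is not code from the original page. It assumes Python's sqlite3 standing in for the page's database, PBKDF2-HMAC-SHA256 as the iterated hash, a per-user random salt, and a hypothetical table named userpass.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # configurable work factor: how many times the hash is run


def stretch(password, salt, iterations=ITERATIONS):
    """Iterated hash of the password; this hex digest replaces the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def make_db():
    # Table and column names are assumptions made for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE userpass ("
        " uid INTEGER PRIMARY KEY AUTOINCREMENT,"
        " username TEXT NOT NULL UNIQUE,"  # the key: one row per username
        " salt BLOB NOT NULL, iterations INTEGER NOT NULL, hashed TEXT NOT NULL)"
    )
    return conn


def signup(conn, username, password):
    """Return the new uid, or None if the username is already taken."""
    salt = os.urandom(16)
    try:
        cur = conn.execute(
            "INSERT INTO userpass (username, salt, iterations, hashed)"
            " VALUES (?, ?, ?, ?)",
            (username, salt, ITERATIONS, stretch(password, salt)),
        )
    except sqlite3.IntegrityError:
        return None  # duplicate key: the caller informs the user
    conn.commit()
    return cur.lastrowid  # id generated by this connection's own insert


def login(conn, username, password):
    """Return the uid on a correct password, else None."""
    row = conn.execute(
        "SELECT uid, salt, iterations, hashed FROM userpass WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return None
    uid, salt, iterations, hashed = row
    # The defender runs the slow hash once; compare in constant time.
    ok = hmac.compare_digest(stretch(password, salt, iterations), hashed)
    return uid if ok else None
```

Storing the iteration count in each row lets the work factor be raised later without invalidating existing accounts.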
I think you overlooked this code:
Not necessarily. Or you could put other things in that table. The unix login database has values for username, uid, gid, real name, home directory and shell.
No. There are operations that destroy information. For example, if we take the XOR of 1010 and 1100 to get 0110, it's not possible to look at 0110 and reverse it to get the two arguments. They might just as easily have been 0110 and 0000 or 1001 and 1111 or ....
Here's the MD5 algorithm
Great question. The representation is designed to avoid ambiguity like that.
It's a prefix code, which means that when it reads \xe4\xbd it either knows that that is a valid 2-byte symbol or the prefix of a valid 3-byte symbol. Never both.
Morse code, for example, is not like that. Is .... an H or II or even EEEE?