Rainbow tables
- Alexey

- Apr 30, 2020
Updated: May 1, 2020

In the previous post, we learned about hashes. The main feature of a hash is that it is a one-way function: if you hash your password, you cannot recover the password from the hash. That's what mathematics tells us. But hackers found a way to overcome this constraint in some cases. Let's find out how.
First of all, there are different hashing algorithms, around 2-3 dozen. The best known are MD5 and SHA256. For my example, let's choose one of them: SHA256.
The hash of the password "qwerty" is "65e84be33532...". If I only know the hash, can I recover the password? No. What I can do is take all the common passwords people use, calculate the hash of each one and put the results in a table. These tables are called rainbow tables.
This table will have millions of passwords and millions of rows, and would require millions of calculations, but is that a problem in today's world?
The next time I find a hash somewhere, I can quickly search for it in my table, and if I am lucky (if someone used a common password), I will instantly get the original password. Just like that.
Why can't I calculate the hashes of all possible words, store them in an enormous table and quickly restore any password? Because it would take forever for modern computers to calculate hashes of so many possible passwords. So this method only works if you use a common password.
Obviously, based on what you read above, never use common passwords.
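The lookup described above and the reason a full table is out of reach, as an added example that is not part of the original post. The password list, the uncommon sample password and all function names are constructed for illustration; the table is the plain hash-to-password lookup the post describes.

```python
import hashlib

# Constructed sample list (assumption); real lists hold millions of entries.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou"]


def sha256_hex(password: str) -> str:
    """SHA256 of the password, as a lowercase hex string."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_table(passwords):
    """Hash every candidate once; later lookups cost one dict access each."""
    return {sha256_hex(p): p for p in passwords}


def lookup(table, digest):
    """Return the password if its hash was precomputed, otherwise None."""
    return table.get(digest.lower())


def keyspace(alphabet_size, max_length):
    """How many strings of length 1..max_length exist over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def full_table_bytes(alphabet_size, max_length, row_bytes=32):
    """Lower bound on storage for a table of every candidate (digest only)."""
    return keyspace(alphabet_size, max_length) * row_bytes


if __name__ == "__main__":
    table = build_table(COMMON_PASSWORDS)
    # "qwerty" is in the list; the second password is a constructed uncommon one.
    for candidate in ("qwerty", "v7#Rk2!mQz"):
        digest = sha256_hex(candidate)
        print(digest[:12] + "...", "->", lookup(table, digest))
    # Every printable-ASCII password (95 symbols) of up to 10 characters:
    print("candidates:", keyspace(95, 10))
    print("bytes for digests alone:", full_table_bytes(95, 10))
```

The common password comes back immediately, the uncommon one returns `None`, and the last two lines show how quickly the number of candidates outgrows any table.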



