Password Hashing
Definition
The process of transforming passwords into irreversible fixed-length strings using purpose-built slow hashing algorithms — so that stored passwords cannot be recovered even if the database is stolen.
Why It Matters
If you store plaintext passwords or use fast hashes (MD5, SHA-1), a database breach immediately exposes all user passwords. With bcrypt, cracking each hash requires months of GPU computation.
AI Builder Tips
Avoid these mistakes when using Password Hashing:
Using MD5 or SHA-256 for passwords → These are designed to be fast, making GPU brute-force trivial. Use bcrypt (cost 12+) or Argon2id instead.
Not using a salt → Without salting, identical passwords produce identical hashes, enabling rainbow table attacks. Always generate a unique random salt per password.
Using a global salt (pepper) instead of per-user random salts → A single leaked pepper compromises all passwords at once. Use per-user random salts; a pepper can be added on top of them but does not replace them.