Probably not the best for this, but to make an attempt:
So when you store a password you don’t (or at least shouldn’t) store the actual password.
Because of some magic some math wizards cobbled together a good while ago, we have some algorithms that take a blob of information and chop it all up in unique (or at least close enough to be called unique) ways. These algorithms make it such that changing a tiny piece of input has a major change on output. This whole thing is called “Hashing”.
So anyway, we don’t store the actual password (“in the clear”), instead we store “hashes” of passwords.
One of the first adopted standards for hashing was Message Digest 5 (MD5). At the time (80’s if the memory serves), it was reasonably effective for all the things it was needed for.
But over time, we’ve found weaknesses in it. On modern hardware, its not overly difficult to figure out all the password length things that could have been used as input to generate a given hash.
Nowadays, there’s more secure hashing algorithms, but to support legacy software, MD5 is still used. TBH, I don’t think it’s as big of a deal as the article makes it seem for personal use gear. Its once you step up to small business stuff (where multiple people have access to the same hardware).
Other commentors have brought up salting, which is a decent way to help with security. Its where you add known info to the password before hashing to make determining the “real” password more difficult.
Probably not the best for this, but to make an attempt:
So when you store a password you don’t (or at least shouldn’t) store the actual password.
Because of some magic some math wizards cobbled together a good while ago, we have some algorithms that take a blob of information and chop it all up in unique (or at least close enough to be called unique) ways. These algorithms make it such that changing a tiny piece of input has a major change on output. This whole thing is called “Hashing”.
So anyway, we don’t store the actual password (“in the clear”), instead we store “hashes” of passwords.
One of the first adopted standards for hashing was Message Digest 5 (MD5). At the time (80’s if the memory serves), it was reasonably effective for all the things it was needed for.
But over time, we’ve found weaknesses in it. On modern hardware, its not overly difficult to figure out all the password length things that could have been used as input to generate a given hash.
Nowadays, there’s more secure hashing algorithms, but to support legacy software, MD5 is still used. TBH, I don’t think it’s as big of a deal as the article makes it seem for personal use gear. Its once you step up to small business stuff (where multiple people have access to the same hardware).
Other commentors have brought up salting, which is a decent way to help with security. Its where you add known info to the password before hashing to make determining the “real” password more difficult.
It was the early ’90s, 1992 to be more precise.