Magic Numbers
/What use is 5ebe2294ecd0e0f08eab7690d2a6ee69?
Actually, quite a lot. Particularly if you have lost the password to your website and you need a value to put in the password table. Which is what I did last week.
We tell people never to write down passwords, but that still leaves us with the problem of what the server does to remember them. The server has to “write down” the password so that it can be compared with whatever the user types in to gain access to the site.
The problem is solved using a technique called “one way” encryption. This takes whatever you give it and converts it into gibberish. It is called one way because the idea is that it is very hard to take the gibberish and work out what it originally meant. Sort of like the notes that I take during meetings, but more useful.
When someone logs in the password that they type is passed through the same encryption process and compared with the gibberish in the password file. This means that anyone stealing the password file from your server ends up with a file full of gifbberish which they can’t easily convert into the actual passwords that were entered. This is why your sysadmin can’t tell you what your password is, because they don’t have that information. They can give you a new password though, because they can take some text and run it through the encryption before storing it against your username.
So, if I am stupid enough to forget a password I’m sort of stuck. Which is where 5ebe2294ecd0e0f08eab7690d2a6ee69 comes in. The one way encryption that is used most is called MD5. If you take the word “secret” and run it through MD5 you get the block of gibberish you see above. I put that into my database in the right place and, hay presto, I was able to log in with the password “secret”.