Cybersecurity CS Thinking Example 4

Follow the full solution, then compare it with the other examples linked below.

Example 4

hard
A company suffers a data breach exposing customer emails and hashed passwords. Explain why hashing passwords (rather than storing them in plain text) limits the damage. What is the difference between hashing and encryption?

Solution

  1. Step 1: Hashing is a one-way function: password → hash. You cannot reverse a hash to get the original password. Even if attackers get the hash database, they cannot directly read the passwords.
  2. Step 2: Encryption is two-way: data → encrypted data → original data (with the key). Hashing has no key — it cannot be 'decrypted'. This is why passwords should be hashed, not encrypted.
  3. Step 3: Attackers can still try to crack hashes using rainbow tables (precomputed hash lookups) or brute force. Defence: use salting (adding random data before hashing) to make each hash unique even for identical passwords.

Answer

Hashing is one-way (cannot be reversed); encryption is two-way (can be decrypted). Hashed passwords limit breach damage because attackers cannot directly read them. Salting prevents rainbow table attacks.
Password hashing is a critical security measure. Understanding the difference between hashing and encryption, and the role of salting, is essential knowledge for anyone building systems that handle user credentials.

About Cybersecurity

The practice of protecting computing systems, networks, and data from unauthorized access, attacks, and damage. Cybersecurity encompasses three core goals: confidentiality (only authorized users can access data), integrity (data is not tampered with), and availability (systems remain operational).
