Password Hashing Lab

Attacker

External perspective

$ Waiting for defender configuration...

Defender

Configuration surface

Password

Salt

Algorithm

Iterations

Current cost: 10,000 iterations of SHA-256.

Hash Output (256-bit)

Length: –

Storage Model

algo$iterations$salt$hash

Record will appear here once a hash is generated.

Recent Events

Timeline

Hashing activity, configuration changes, and risk signals will appear here as you interact with the lab.

Fundamentals

Concept

From raw passwords to irreversible digests.

This phase focuses on the core idea of password hashing: transforming a human-chosen secret into a fixed-length, irreversible digest. The goal is to ensure that even if an attacker steals the database, they cannot easily recover the original passwords.

Attacker perspective

The attacker wants direct access to raw passwords or weakly protected hashes that can be reversed or guessed quickly.

Defender objective

The defender wants to ensure that no raw passwords are ever stored and that hashes are produced using modern, collision-resistant algorithms.

What you might observe

The same password and algorithm always produce the same hash.
Small changes in the password completely change the resulting hash.
Hash length is fixed for a given algorithm, regardless of password length.