Sir what if the password is same

Question

1.20/5 (5 votes)

See more:

regarding hashing
suppose I owe a very big company and there are lakhs involved in computer
there might be thousands having same username and password
one database
how come hashing technique will provide each of the thousand employees with his specific data if the database is oracle or sql server or mysql

What I have tried:

just thought of the possibility

Posted 31-Jul-21 1:42am

Member 12712527

Updated 31-Jul-21 2:40am

Add a Solution

Comments

Richard MacCutchan 31-Jul-21 8:16am

"there might be thousands having same username and password"
Then your design is completely wrong. As with email addresses, each username in your database must be unique. That way, even if two users choose the same password, it will not cause a problem.

Member 12712527 31-Jul-21 8:33am

think like this may not be now but after 100 years it might be possible to think like this that only one for everyone nowadays heavy compitition is going on but later maynt be any competition -- only one for everyone

Richard MacCutchan 31-Jul-21 9:21am

If there are two users with exactly the same username then how do you distinguish one from the other?
Person1: my name is "Fred" and my password is "foobar".
Person2: my name is "Fred" and my password is "foobar".
But Person1 is a senior manager and needs information on all the employees at the plant, and person2 is a cleaner who should not have access to any information.

Your task: how to fix this?

Member 12712527 31-Jul-21 9:25am

simple nowadays AI is becoming day by day prominent at that time AI might be involved with the database

Member 12712527 31-Jul-21 9:37am

sir do you have any other idea

Richard MacCutchan 31-Jul-21 11:21am

Idea about what? You can either do it the right way or dig yourself into a hole from which there is no escape.

PIEBALDconsult 31-Jul-21 10:57am

Passwords needn't be unique, IDs do.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2021-07-31T02:05:00

Solution 1

Partly, you should salt the password before you hash it - add information that is specific to the user such as the ID number in the DB for example (though you can use the username instead that means it is harder to change later).
The act of salting passwords means that if you have 1000 users with "Password" as their password you get different hashes for each, and naughty people can't spot identical values as assume they are all "Password".

Then you read the hashed value from your DB when they try to log in, and regenerate the hash from the password they enter. Then compare the hashes - if they match, the password is good. If not ...

have a look here: Password Storage: How to do it.[^]

Posted 31-Jul-21 2:05am

OriginalGriff

Comments

Member 12712527 31-Jul-21 8:45am

previously life was hard and thought simple nowadays life is easy and thought complex after 100 years life will be even more simple and thought even more complex nowadays a person has to remember username and password only now sir there might be only one database for everyone after 100 years so sir how come hashing technique would work on that day

OriginalGriff 31-Jul-21 9:11am

Exactly the same way ...
Provided each user identifies himself using a unique method (often the username, but in the case of FarceBook for example where usernames aren't unique you log in with a unique email or mobile number) then you use that to pull the hash back and compare it to the newly calculated value.

If two users have the same login info, then you can't tell them apart and that's a real problem! That's why most systems do not allow duplicate usernames.

Member 12712527 31-Jul-21 9:20am

sir an idea just struck my mind nowadays database needs only username and password to access the database but nowadays AI is becoming day by day prominent it might be like this that at that time the database will also need these two things but at that is time AI would be involved

OriginalGriff 31-Jul-21 9:55am

Who knows what the future will hold?
Systems are moving away from passwords to 2 factor authentication anyway - I need a phone with a fingerprint reader to access my bank account on my PC already!

Work with the tech you have, not what you think might be in the future.

Member 12712527 31-Jul-21 10:04am

hi hi sir i am not very rich i have only a computer and some basic books you forgot i am a shop keeper small shop

OriginalGriff 31-Jul-21 10:50am

How would I know that you have a shop at all?
Remember: we only get exactly what you type to work with: we get no context outside that at all!

Member 12712527 31-Jul-21 10:07am

if you don't help me with your knowledge then it would not be possible for me to withstand longer

Member 12712527 31-Jul-21 9:38am

sir do you have any other idea

Patrice T · Answer 2 · 2021-07-31T02:40:00

Solution 2

Quote:
there might be thousands having same username and password

First thing is that it is a very bad idea to identify user with non unique username.

Quote:
how come hashing technique will provide each of the thousand employees with his specific data

It don't.

The job of a UserId is to uniquely identify a user. and this is the UserId that will give specific data.
The job of a PassWord is to confirm that user on keyboard is the one he pretend by using this UserId.
Hashing is a technique to avoid storing PassWords as plain text in database.
[Update]

Quote:
there might be thousands having same username

Just curious, how will you handle their Emails ?
1 Email address for a thousand users ?
Or a different Email for each user ? and in this case, how do you know which Email for which user with identical name ?

Posted 31-Jul-21 2:40am

Patrice T

Updated 31-Jul-21 7:25am

v3

Comments

Member 12712527 31-Jul-21 8:50am

in hashing i have seen same letter gives the same hashed value so sir how come specific user will get specific data

Patrice T 31-Jul-21 8:54am

The job of a UserId is to uniquely identify a user. and this is the UserId that will give specific data.

Member 12712527 31-Jul-21 9:11am

even after using my way it could be done the idea just struck my mind the idea is nowadays databases are made like this that you've to give only username and password to enter the database but after 100 years AI might be also involved. at this moment it excepts username and password at that time it would also accept username and password but difference is that AI would be involved at that time

Dave Kreskowiak 31-Jul-21 14:08pm

Drop the entire idea of AI being able to uniquely identify users. It doesn't exist and it's not going to exist any time soon.

Member 12712527 1-Aug-21 2:09am

sir now it's absurd but who knows after 50 or 100 years AI might be incorporated in the database

Dave Kreskowiak 1-Aug-21 11:02am

What's going to be possible in 50 to 100 years isn't a concern today.

And it won't take 50 to 100 years to incorporate some form of AI into a database engine.

But it's still not going to allow you to identify different users using the same username.

Member 12712527 2-Aug-21 7:53am

in today's AI you could be able to mimic one's thought . In today's AI you could be able to clone handwriting . In today's AI you could be able to clone voice

Dave Kreskowiak 2-Aug-21 9:54am

So what?

None of that uses the very limited amount of data coming from a couple of login boxes in a browser.

AI has no way to tell the difference between two different users using the same userId.

Member 12712527 1-Aug-21 2:16am

sir i have seen that in mathematics at set is related to trigonometry , trigonometry is to geometry and so on

Richard MacCutchan 1-Aug-21 4:23am

Yes, and oranges are related to lemons, and lemons are related to limes. But you still need unique userids in the database table.

Member 12712527 31-Jul-21 9:39am

sir do you have any other idea

The Cool Cat 2-Aug-21 4:23am

You should prevent this from happening, it's in your hands. First things first, do not allow different users to have the same username, you should block it right away in user registration or find any way so users can't register with the same username.

Member 12712527 2-Aug-21 7:45am

that's a cheap idea