This can be accomplished in a few different ways: Password cracking refers to the process of extracting passwords from the associated password hash. Since hash functions are also deterministic (meaning that the same input produces the same output), comparing two password hashes (the stored one and the hash of the password provided by a user) is almost as good as comparing the real passwords. Hash functions are designed to be one-way, meaning that it is very difficult to determine the input that produces a given output. Instead, authentication systems store a password hash, which is the result of sending the password - and a random value called a salt - through a hash function. This would make it far too easy for a hacker or a malicious insider to gain access to all of the user accounts on the system. A well-designed password-based authentication system doesn’t store a user’s actual password.
