But there is a way of avoiding this. A password can be handled as an ordered sequence of bits. Each bit has only two possibilities; it can either be a 0 or a 1. The ordering of the bits is equivalent to the ordering of the characters in the password. Thus, an ordered sequence of 255 bits is just like a password. But 256 bits or more can be quite a bit more secure. These larger bit sequences are called a key, and if the algorithm used is a \"one-way\" algorithm (one that is designed to be totally useless if an attacker has the key), then only the person with the key can generate the key from any password. If the algorithm used is a \"two-way\" algorithm (one that isn't designed to be useless if an attacker has the key), then anyone with the key can generate the key from any password, but if an attacker has a copy of the password, then he/she can figure things out but cannot figure them out by just trying every possible combination of digits. In high security situations, passwords are normally hashed, and it is that hashed value which represents the password in a useable form. This seems to be the way to go. Why? By encrypting the password and sending the result over the network, it is possible to randomly select a key from a large space and use it to authenticate the user. With that key in hand, it is also possible to encrypt a hash of the password to form the message header for the next message. That way, it is possible to send a secure message to another fixed location without having to worry about the loss of the key. The reason multiple keys are used is to prevent someone from using the same key at multiple fixed locations (for example, if a message is sent to a fixed location, it is also sent to a Web-based location) as the likelihood of someone intercepting two messages sent by one attacker is much less than intercepting a single message.
By using the network to handle the authentication, it is also possible to restrict the key space to all combinations of digits. Increasing the size of these keys reduces the risk of having someone intercept the key if it is insecurely stored. But increasing the size of the key reduces the number of digits that can be used. To make hash algorithms more secure, we need to use a larger number of bits and/or better techniques to hash data. 7211a4ac4a