如果資料庫裡存有我們的密碼,那麼負責管理資料庫的人不就可以看見嗎?或者資料庫被入侵,入侵者也可以全部看見。我們費盡心思保護的密碼就這樣輕易被人看光 — 這樣對嗎?當然不對,這就是為何我們需要「加密」我們用密碼學,一門在探討資訊保密、傳遞、驗證⋯等的學問,對密碼做一些特殊的處理,將密碼從原本的明文變成大家看不懂的密文,然後才將密碼傳送出去,存入資料庫。如此一來,就算有辦法查看資料庫,或者是有人在中途攔截我們傳出的資料,也只能看到加密後那一串沒有意義的密文,無法得知真正的密碼。
If we have our passwords in our database, wouldn't that means these password can be seen by the person in charge of managing the database? Or, if the database was hacked, it could be revealed completely to the hacker. Of so many efforts we put into protecting our password, only to have it stolen easily. Is this right?Of course not, that's why we need "encryption".We use cryptography, a knowledge focus on confidentiality, data transmitting, verification, etc. We process our passwords, encrypt it into ciphers which nobody understands before sending them into the database.Thus, even if there is a way to view our database, or somebody managed to intercept our data during transmission, they can only see meaningless ciphers that were encrypted, and no way to find out the content.