When hackers talk about passing the hash, they are referring to the hashed value of the password that was obtained from an exploited device. The process of hashing a password works by utilizing a cryptographic algorithm that transforms plaintext into a fixed length string of characters. This string of characters is called a fingerprint. A method known as salting makes cracking a hashed password much harder. Salting a hashed password works by adding a random string of characters before the password is hashed. A hash is considered to be a one-way function, because it cannot be reversed.

Hash tables are often used to index data for fingerprinting. An example of an MD5 hash looks like this, 8743b52063cd84097a65d1633f5c74f5. An example of a salted MD5 hash is 01dfae6e5d4d90d9892622325959afbe:7050461. The seven numbers at the end of the string is a random set of numbers added before the hash string is created. Later in this chapter, we will discuss how different hash functions work.