# 2006-FSA-CH-RM-WEB-FT Cookie Jar: Web Security

## What about attacks that phish for information from organizations, where someone impersonates a member of the organization in order to gain secure information? Does this come down solely to personnel training? Or perhaps an in-house checklist through the employee user interface to remind them to confirm the identity of the person requesting the information?

This is a lot on social engineering. Some of it is through personnel training. But there are other ways to defend against it, as seen [here](https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams).

## Why is hashing a one-way street? Are hashes (RSA-SHA256) particularly difficult to decrypt? Will quantum computing allow for future decryption of hashing? This is the underlying technology for blockchain, right?

I don't know the math/theory behind hashing and a good hashing function. The idea is hashing would be very hard to try to reverse. The idea of decryption around hashing I feel is not really correct because of the fact that we don't know of or have a key to reverse the hash back to its original representation.

I also don't know much about quantum computing to really talk about what it can or cannot break. Here's some info on it: [The state of symmetric hash algorithms after quantum computing](https://www.real-sec.com/2019/08/state-of-symmetric-hash-algorithms-after-quantum-computing/)

Yes, blockchain uses something called [Merkle Trees](https://hackernoon.com/merkle-trees-181cb4bc30b4), which are also sometimes known as binary hash trees.

## Are hashes the reason why you need to reset a password rather than retrieve a password, because technically the database does not have your 'password'?

Yeah, I believe so! We don't necessarily ever know what the original input is.
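
To make the reset-versus-retrieve point concrete, here is an added example (not part of the original Q&A) of a password table that stores only a salt and a derived hash, so login works by recomputing and a "reset" can only overwrite the row. The `CredentialStore` class, the choice of PBKDF2-HMAC-SHA256, the iteration count and the sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch


class CredentialStore:
    """In-memory stand-in for a user table: holds salt and derived hash only."""

    def __init__(self):
        self._rows = {}  # username -> (salt, iterations, derived_key)

    def _derive(self, password, salt, iterations):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

    def set_password(self, username, password):
        # Used for sign-up and for reset: a fresh salt and hash overwrite the old row.
        salt = os.urandom(16)
        self._rows[username] = (salt, ITERATIONS, self._derive(password, salt, ITERATIONS))

    def verify(self, username, candidate):
        row = self._rows.get(username)
        if row is None:
            return False
        salt, iterations, stored = row
        # Recompute from the candidate and compare in constant time.
        return hmac.compare_digest(stored, self._derive(candidate, salt, iterations))

    def stored_fields(self, username):
        # Everything the table could return for a "retrieve my password" request.
        salt, iterations, derived = self._rows[username]
        return {"salt": salt.hex(), "iterations": iterations, "hash": derived.hex()}


def demo():
    store = CredentialStore()
    old, new = "correct horse battery staple", "new passphrase after reset"  # constructed
    store.set_password("alice", old)
    before = store.stored_fields("alice")
    login_ok = store.verify("alice", old)
    wrong_rejected = not store.verify("alice", "wrong guess")
    store.set_password("alice", new)  # the reset path
    after = store.stored_fields("alice")
    return {
        "login_ok": login_ok,
        "wrong_rejected": wrong_rejected,
        "old_rejected_after_reset": not store.verify("alice", old),
        "new_accepted": store.verify("alice", new),
        "row_changed": before["hash"] != after["hash"],
        "fields_available": sorted(before),
    }
```
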