This login authentication example shows how an item of data can be proven to exist without divulging the actual data.
When a password is created for a user, a mathematical fingerprint of the password (a hash) is stored on the server, not the password itself. If the server were ever hacked, the real password would not be present. See
hash and
zero-knowledge proof.
Challenge-Response Login
When a user logs in, the server generates a random number that it sends to the client while subtracting it from the hashed password. The client subtracts the number from the hash and sends it to the server. If both subtractions are the same, the user is authenticated without the server having the actual password. For a more detailed example, see
challenge-response.