Best way to encrypt a password.
Any language.
Go.

Argon2.

Bcrypt or Argon2

Encrypt?
AES256 or chacha20 with random padding and and key with the same length
Hash?
Bcrypt

Caesar cipher but with random shift for every character. And with chinese symbols after A-Z.

> Any language.

> Go.

You changed your mind pretty quickly there.

@nitwhiz so an modification of the one time pad

Hash? Argon2id
Encrypt? No

@ethernetzero
You beat me to it.

We don't encrypt passwords. Except if it's a password manager

What makes Go a better choice of language for that?
...
Oh wait :thinking:

Found the attached on https://cryptofails.com/post/...

Just flip all the bits

reverse it, but twice.
double the security.

ROT13 used by one of the biggest companies in the world over 10 years

set it as a variable value in a Perl script.

All of you who commented but didn't leave a ++ will roast in hell...
makes me think of chicken..
darn you!

(Also HAR HAR "GO" dad jokes)

@kfalencik the fires shall be warmer then my current location 🤗🔥

@C0D4 LIT

Read it to a baby until it mumbles something random. Store that along with the plaintext password.

Best encryption will vastly differentiate from a good effective one lol
Also, as said before, passwords a generally being hashed, not encrypted

Pair each letter/number with a symbol(i.e. a to "$") then place the resulted string in a perl script, nobody will suspect a thing.

Set the password to ******** then put that as plain text in your code. No one will try it because they will assume it is redacted.

Depends on what you want to achieve.
Security only?
One time pad wins by default (but it's only useful for a local password manager).
DB entries to check passwords inserted by users? You shouldn't save the encrypted version but only an hash.
Sending passwords to the users? Any secure encryption, it's not more important than the rest of the users' data (e.g. their session tokens).
Personally I would use the same protocol as the session tokens (possibly adapting it for asymmetric encryption if necessary) because it guarantees the same security instead of potentially creating a security breach (if you use two different protocols only one needs to be faulty to generate a breach).

@fuck2code almost right. Eventually the user has to receive the passwords you randomly generated for him.

@nitwhiz it's equivalent to one time pad but notice that the chinese symbols are useless. They increase the space of the output but if the attacker excludes those symbols it's the precise same brute attack as a Cesar with random offsets or a randomly generated one time pad.

ROT13 two times will be TWICE as secure!

BCrypt.

@linuxxx
Nah, scrypt is more resistent to FPGAs.

@metamourge Fair enough but I've never found a ready to use php library and compiling it has never worked for me either so then I'd say that BCrypt is the next best thing...