Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Encryption is good if nobody has access to the key. One way hashing is the way to go.
-
@Dave-Elec 'recommended'?!
You should kidnap his family and torture them until he finally implements hashing! -
@alexbrooklyn.. Haha.. let him live untill he uses plain text files as a database
-
With no encryption crackers will try to decrypt what is unencrypted and will fail greatly.
-
Root825385y@cmarshall10450 Encryption where nobody has a key is equivalent one way hashing.
Encryption where the key is known is eventually equivalent to cleartext. Possibly much sooner in the event of data breaches)
Passwords should only ever be hashed; there are zero reasons to decrypt them. The server should only know a user's password during account creation and login. And better yet: they should be hashed and salted on the client, too, so the user's effective password is also a hash. This prevents traffic sniffers from reading them, and MITMs from seeing them in cleartext.
A friend actually asked me this..
He is building an android app for selling his stuff and haven't used hashs for storing passwords..
rant