
I'm looking for folks' thoughts on hashing vs. encrypting, as is done in this article:

http://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-Username-or-Password-stored-in-database-in-ASPNet-using-C-and-VBNet.aspx

I had previously used hashing on SQL passwords which I thought worked quite well. Is one better than the other? Should this not be used due to the same encryption key being used? Any opinions welcome, thanks

Uwe Keim
DarkW1nter
  • With the current phrasing, this is a very subjective question. Can you think of a different phrasing that'd make it less opinion-based (which is off-topic for SO)? – Jeff B May 31 '16 at 21:06
  • Do NOT EVER store passwords in a database, encrypted or not. If the password can be retrieved, it's in danger of being stolen. Use a highly secure hashing algorithm with salt to store only hashes. A good hashing algorithm makes it unfeasible to recover the password in case your database gets hacked into. – xxbbcc May 31 '16 at 21:06
  • If you encrypt the password, you will have the overhead of storing the encryption key. – vabii May 31 '16 at 21:08
  • I think there is no sane reason to _only_ encrypt. However, it's not that trivial with hashing _and_ encryption together. – Evk May 31 '16 at 21:09
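
The salted-hash storage the comments recommend, as an added example that is not part of the original question, its comments, or the linked article. It assumes .NET 6 or later; the `PasswordStore` class, the `$`-separated storage format and the iteration count are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordStore
{
    // Constructed parameters for this example; tune Iterations to your hardware.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000;

    // Returns the value to store: algorithm$iterations$salt$hash.
    // No key is involved, so there is nothing to protect alongside the database.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return string.Join("$", "pbkdf2-sha256", Iterations,
            Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Recomputes the hash from the stored salt and iteration count, then
    // compares in constant time. Malformed records are rejected, not thrown on.
    public static bool Verify(string password, string stored)
    {
        string[] p = stored.Split('$');
        if (p.Length != 4 || p[0] != "pbkdf2-sha256"
            || !int.TryParse(p[1], out int iterations) || iterations <= 0)
            return false;
        try
        {
            byte[] salt = Convert.FromBase64String(p[2]);
            byte[] expected = Convert.FromBase64String(p[3]);
            if (expected.Length == 0) return false;
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
                password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample password: two users with the same password
        // get different stored values because each record has its own salt.
        string a = Hash("correct horse"), b = Hash("correct horse");
        Console.WriteLine($"records differ: {a != b}");
        Console.WriteLine($"right password verifies: {Verify("correct horse", a)}");
        Console.WriteLine($"wrong password verifies: {Verify("wrong", a)}");
    }
}
```

Storing the iteration count in each record lets the work factor be raised later without invalidating existing hashes.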

0 Answers