Now, I am reading Identity and Data Security for Web Development: Best Practices. In this book, sometimes text like this appears.

We then encrypt the password for the login attempt. (p40 Validating a Password Against a Hashed Value)

This chapter describes comparing user input passwords with the stored hash. So I think 'encrypt' in the text means creating a hash from raw data with a cryptographic hash function.

I want to know whether I can use both the words 'encrypt' and 'hash' for the action of creating a hash that can't be decrypted. Or can I use 'encrypt' only when the encrypted value can be decrypted?

Inaba Jun
  • 2
    This might be better for [english.se], but I would say _strictly_ hashing isn't encryption as it's irreversible. – jonrsharpe Mar 17 '21 at 15:34
  • 2
    Hash and encrypt aren't interchangeable and have different meanings. Most likely the book is wrong and the phrase should be `We then hash the password for the login attempt`. – Alejandro Mar 17 '21 at 15:36
  • Thank you. I understand feelings now. – Inaba Jun Mar 17 '21 at 15:52
  • Please don't intermix those two words, a lot of confusion about safe password storage comes from mixing up encryption and hashing in internet articles! Encryption is always two-way and decryptable, hashing is always one-way and not recoverable. – martinstoeckli Mar 18 '21 at 15:43
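
The distinction drawn in the comments, as an added example that is not code from the book or from anyone in this thread: validating a login attempt re-hashes the attempt and compares hashes, while encryption is reversible by anyone holding the key. It assumes Node.js and its built-in `crypto` module; the function names, the scrypt and AES-256-GCM choices, and the sample password are illustrative.

```javascript
// Added example; all function names and sample values are constructed.
const nodeCrypto = require('node:crypto');

// HASHING: one-way. Only the salt and the derived hash are stored.
function hashPassword(password, salt = nodeCrypto.randomBytes(16)) {
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Validation re-hashes the login attempt with the stored salt and compares
// the two hashes in constant time. The stored hash is never "decrypted".
function verifyPassword(attempt, stored) {
  const salt = Buffer.from(stored.salt, 'hex');
  const expected = Buffer.from(stored.hash, 'hex');
  const actual = nodeCrypto.scryptSync(attempt, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// ENCRYPTION: two-way. Anyone holding the key recovers the plaintext.
function encrypt(plaintext, key) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decrypt({ iv, ciphertext, tag }, key) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample run.
const stored = hashPassword('correct horse battery staple');
const loginOk = verifyPassword('correct horse battery staple', stored);
const loginBad = verifyPassword('wrong guess', stored);

const key = nodeCrypto.randomBytes(32);
const roundTrip = decrypt(encrypt('correct horse battery staple', key), key);
console.log({ loginOk, loginBad, roundTrip });
```

There is deliberately no inverse of `hashPassword`: the only way to check a password is to hash the attempt again, which is what the book's sentence describes.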

0 Answers