by gregatragenet3
2996 days ago
Presumably the application that accesses encrypted passwords in the database also has the decryption key close at hand. So if that application is compromised, the attacker has access to both the encrypted data and the key to decrypt it. If the password is just stored hashed, there is no way to directly decrypt it; you can only verify that a clear text string matches the hash. I'm not sure how relevant it is these days; it seems like there's enough CPU / GPU power that any password that's short enough to be practical can probably be cracked from its hash quickly.