by foxyv
1545 days ago
You are entirely correct. Unfortunately anything short of a textbook is going to be "Mostly Right" when it comes to security/encryption.

> Encrypting before hashing doesn't actually help us

Technically correct. There is no additional need to hash once you are encrypting already. However, when compliance tells you that you need to use hashing but you still need sub 10ms performance you sometimes need to use encryption. The disadvantage is the necessity for key management, HSMs, etc... Anything with low enough entropy is going to NEED encryption unless you are using ridiculous BCrypt or PBKDF2 parameters and are willing to wait a day or two to verify a hash.

> Large file hashes

If you salt the file data appropriately this is not an issue. The salt can be a part of the encrypted file ensuring that your hash doesn't collide.