by rmc
5274 days ago
'plain text' here includes encrypted non-hashed formats. Passwords should always be stored hashed so the original site (or any attacker who gets them) can get access to the password. And if it's possible to automatically reverse the encryption, then it's not far off plain text.
When each line of code you write is a point of failure, I would rather trust an algorithm (e.g. bcrypt) which is immune to all of them rather than reversible encryption which needs only two.