[hello0904]

Best practices for password storage use one-way hash functions (like bcrypt, Argon2, or PBKDF2) rather than encryption algorithms like AES. AES is not one way and in theory you can generate 2nd, 3rd, etc. master keys to decrypt. :)

[ethangk]

That’s relevant when storing a users password to verify that they’ve entered the correct data, but password managers (which Keychain effectively is, I believe) need to be able to retrieve the original password

[hello0904]

Frankly, you're confusing hashing algorithms, encryption and "IDs".

Authentication: "Prove you are you" (hash functions)

Secure Storage: "Keep this secret but let me get it back later" (encryption)

Identification: "Track who/what this is" (UUIDs/tokens)

[stouset]

You are deeply confused as to how password managers work.

Password managers—all password managers—require stored passwords to be encrypted such that they can be decrypted. Otherwise they would have no possibly way to retrieve the stored secret for the sake of submitting it to the verifying party.

Best practice for verifiers is to use a one-way memory-hard password hash.

Keychain is a password manager.

[ziddoap]

>Secure Storage: "Keep this secret but let me get it back later" (encryption)

This is what keychain does. You retrieve the passwords later.

So, no. It is not a one-way hash function as you stated.

[kstrauser]

A thought experiment:

Use Argon2 to hash a password before storing it in the password manager. Now the user visits that website and wants to log in. What is it that the password manager pastes into the login form?

Answer: the plaintext password. But how do you get that out of the hashed value you stored earlier? You don’t. Ergo, password managers cannot use hashing functions to store their contents.