by edmond_dantes
4794 days ago
Thanks for explaining the difference between hashing and encrypting. I neglected to make that explicit. However, I disagree with you when you say, "Encrypting a password could be ok," because compromises happen and the attacker could do a memory dump, check the environment variables or perhaps find a location where the password is hardcoded (config or script, yes this happens). It's a sloppy practice that we should discourage. Hashing passwords is the most basic level of security and it's been known for decades.