Hacker News
by ljoshua 4235 days ago
In a secure environment, your password will be hashed (not encrypted), meaning there's only one way that the information can flow--toward the hash. This is secure because it allows for matching against the hash without actually knowing the original password.

However, usernames have to be displayed, shared, searched, etc. It could in theory be possible to encrypt this, but with the requirement that it be two way (so as to allow display), it is more trouble than it is worth, with minimal security gained. Most security researchers would probably also point out that if you are able to get to a point where you are dumping a database of user credentials and emails, you are probably also going to be able to retrieve the encryption key, rendering all of that encryption moot.
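The storage layout the comment describes, as an added example that is not part of the original comment: the password is kept only as a salted one-way hash, while the username stays readable so it can be displayed and searched. The function names, the dict standing in for a database, and the PBKDF2 parameters are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def create_user(db: dict, username: str, password: str) -> None:
    salt, digest = hash_password(password)
    # The username is stored as-is because it has to be shown and looked up.
    db[username] = {"username": username, "salt": salt, "pw_hash": digest}


def verify_login(db: dict, username: str, password: str) -> bool:
    record = db.get(username)
    if record is None:
        # Spend the same effort for unknown names so timing does not reveal them.
        hash_password(password, b"\x00" * 16)
        return False
    # Information only flows toward the hash: recompute and compare.
    _, candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["pw_hash"])


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for a user table
    create_user(users, "alice", "correct horse battery staple")
    print(verify_login(users, "alice", "correct horse battery staple"))
    print(verify_login(users, "alice", "wrong guess"))
```
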