
Is there an effective difference between storing it in plaintext and storing it with a trivially reversible algorithm?



A slight one if any.

If you store passwords in plaintext in the database, a simple SQL injection can dump them out.

If you store passwords encrypted in the database, you need to get the code of the server software in order to extract the keys.

So at the end of the day, it depends on the probability of a complete server compromise vs. the probability of a successful SQL injection.
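As an added illustration of the two access levels the reply contrasts (not code from either commenter), here is a small Python model: a database-only leak versus database-plus-code access, across plaintext, a trivially reversible encoding with no secret (base64, assumed here as the "trivially reversible algorithm"), and a keyed transform whose key lives only in server code. The sample users, the key and the toy SHA-256 keystream are constructed for the demo, not a recommended scheme.

```python
import base64
import hashlib
import os

# Constructed sample credentials and server key for the demo; not real data.
USERS = {"alice": "correct horse battery staple", "bob": "hunter2"}
SERVER_KEY = b"constructed-demo-key"   # lives in code/config, not in the database


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream SHA-256(key || nonce || counter); illustration only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def store(pw: str, scheme: str) -> str:
    """Value written to the database under each storage scheme."""
    if scheme == "plaintext":
        return pw
    if scheme == "trivial":       # no secret: base64 reverses from the dump alone
        return base64.b64encode(pw.encode()).decode()
    nonce = os.urandom(8)         # keyed: reversible only with SERVER_KEY
    data = pw.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(SERVER_KEY, nonce, len(data))))
    return base64.b64encode(nonce + ct).decode()


def recover(stored, scheme, key):
    """What an attacker learns from one row: key=None models a DB-only leak
    (e.g. SQL injection); a key models DB plus code/config access."""
    if scheme == "plaintext":
        return stored
    if scheme == "trivial":
        return base64.b64decode(stored).decode()
    if key is None:
        return None               # ciphertext alone; the key is not in the database
    raw = base64.b64decode(stored)
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def exposure(access: str) -> dict:
    """Count of passwords recovered per scheme for 'db_only' or 'db_and_code'."""
    key = SERVER_KEY if access == "db_and_code" else None
    counts = {}
    for scheme in ("plaintext", "trivial", "keyed"):
        rows = {u: store(p, scheme) for u, p in USERS.items()}
        counts[scheme] = sum(recover(v, scheme, key) == USERS[u] for u, v in rows.items())
    return counts
```

Running `exposure("db_only")` shows both plaintext and the unkeyed encoding fully exposed by a dump, while only the keyed rows also require the server code, which is the trade-off the reply describes.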



