Question about password encryption and verification of a password

Udgnim

Just curious

For password verification of an encrypted password, is it normal for the encrypted password to be decrypted and then compared against the supplied password, or is it normal for the supplied password to be encrypted and the resulting value compared against the value of the original encrypted password?

Thanks.
 

jvroig

Passwords should not be encrypted. They should be hashed. Therefore, since decryption is not an option, the proper way to verify is to hash the supplied password, then see if it is the same hash as is stored.

On how to properly store passwords (hashing, not encrypting), see this post I made after the LinkedIn hack.