i agree with everyone here encrypting and decrypting is futile
Fair enough, 'everyone' is saying don't encrypt/decrypt passwords. That might lead someone to the (incorrect) conclusion that 'everyone' thinks passwords should just be stored in plain text.
What 'everyone' was failing to say is that the correct approach is to stored hashed passwords rather than encrypted passwords.
| [reply] |
No, noone is failing to say that. Everyone but you is realizing that storing a hashed password isn't going to solve the OPs problem.
Here's an example how hashed passwords are utterly useless: You have an application that needs access to a database. Access is password controlled. I give you the hashed password, and tell you to write a script to retrieve a piece of data from the database. Now, what's your plan? How do you intend to use this hashed password?
Hashed passwords are great if your purpose is to check whether a given password is valid. However, the point of hashing passwords is to make retrieving them impractical. Which means that if you need the plain text password, hashed passwords are not the answer.
| [reply] |
| [reply] |