August 2018
Beginner
594 pages
22h 33m
English
Content preview from Software Architect's Handbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Storing encrypted passwords
To provide protection of passwords, some software applications encrypt the passwords. During registration, the password is encrypted prior to being stored. In order to authenticate, the encrypted password is decrypted using the appropriate algorithm and a key. The plaintext password entered by the user is then compared with the decrypted password.
However, because an encrypted value can be decrypted back to its original value, if an attacker can either intercept a decrypted password or obtain the details necessary to decrypt a password, security will be compromised. If you need to store passwords, encryption is not the method that we want to use.