-8 upvotes, 2 direct replies (showing 2)
View submission: Reddit's Streak of Bad Luck Continues...
Maybe they encrypt the passwords.
Comment by duketime at 14/12/2006 at 19:46 UTC
10 upvotes, 2 direct replies
I don't really see what encryption gains you over hashing. Hashing is still safer and has much less liability (because there's no reasonable way for the site operator to back out the passwords, and even less, with a key, for hackers to do so without the code). Encryption, though it does have all sorts of obvious benefits over cleartext, allows for a constant-time means to back out the cleartext, which is automatically (to me) makes hashing worth the (infrequent) hassle of forgotten password shenanigans.
I thought hashing passwords was SoP these days.
Comment by bhagany at 14/12/2006 at 19:46 UTC
-26 upvotes, 2 direct replies
hashing = encrypting