
Is there an effective difference between storing it in plaintext and storing it with a trivially reversible algorithm?


A slight one if any.

If you store passwords in plaintext in the database, a simple SQL injection can dump them out.

If you store passwords encrypted in the database, you need to get the code of the server software in order to extract the keys.

So at the end of the day, it depends on the probability of a complete server compromise vs. the probability of a successful SQL injection.
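As an added example (not from the thread), a small Python model of the storage choices discussed above, run against the two attacker positions the reply distinguishes: a database dump on its own (the SQL injection case) versus the dump plus the server code that holds the key (full compromise); a salted one-way hash is included for comparison. The key, the XOR keystream construction and the sample password are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import os

SERVER_KEY = b"constructed-demo-key-do-not-reuse"  # constructed: lives in app code, not the DB

def _keystream_xor(data: bytes, key: bytes) -> bytes:
    # Demo-only keyed transform (XOR with an HMAC-derived keystream); a real system
    # would use an authenticated cipher with a per-record nonce. Reversible only with key.
    stream = hmac.new(key, b"demo-keystream", hashlib.sha256).digest()
    assert len(data) <= len(stream), "demo supports passwords up to 32 bytes"
    return bytes(a ^ b for a, b in zip(data, stream))

def store(pw: str, scheme: str) -> bytes:
    """Turn a password into the value that would be written to the DB column."""
    raw = pw.encode()
    if scheme == "plaintext":
        return raw
    if scheme == "trivial":          # "trivially reversible": no secret involved at all
        return base64.b64encode(raw)
    if scheme == "keyed":            # reversible, but only with the key from server code
        return _keystream_xor(raw, SERVER_KEY)
    if scheme == "hashed":           # one-way: salted PBKDF2, salt stored alongside
        salt = os.urandom(16)
        return salt + hashlib.pbkdf2_hmac("sha256", raw, salt, 100_000)
    raise ValueError(scheme)

def recover(stored: bytes, scheme: str, have_server_code: bool):
    """What one attacker position gets back from a dumped column value:
    have_server_code=False is a SQLi dump (rows only), True is rows plus code/key."""
    if scheme == "plaintext":
        return stored.decode()
    if scheme == "trivial":
        return base64.b64decode(stored).decode()   # no secret needed to reverse
    if scheme == "keyed":
        return _keystream_xor(stored, SERVER_KEY).decode() if have_server_code else None
    if scheme == "hashed":
        return None   # nothing to reverse; offline guessing is the only remaining route
    raise ValueError(scheme)

def exposure(pw: str) -> dict:
    """Map scheme -> (recovered from SQLi dump?, recovered after server compromise?)."""
    out = {}
    for scheme in ("plaintext", "trivial", "keyed", "hashed"):
        stored = store(pw, scheme)
        out[scheme] = (recover(stored, scheme, False) == pw, recover(stored, scheme, True) == pw)
    return out
```

`exposure("correct horse")` shows the reply's point in one table: plaintext and the trivially reversible form fall to a dump alone, the keyed form only falls once the attacker also has the code, and the hash falls to neither.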



