23
fedelc
9y

Client from a big company requested that all sensible data should be encrypted, passwords included.
We agreed that was OK, and that we were already saving the hashes for the passwords.
The reply was "Hashes should be encrypted too"

Comments
  • 3
    encrypt all encryption !!!!
  • 7
    Little overkill but given the efficiency of rainbow tables and some of the vulnerabilities that get found all the time in widely used hashing algorithms with a poor salt, not the WEIRDEST thing I've ever seen.
  • 0
    "Sensible data? No, we don't have that. Just weird stuff." :-D
  • 1
    Hash+salt and use bcrypt should be enough.
Add Comment