I’m trying to decide whether it is better to store passwords in a database as key-encrypted strings, or as the result of a hash function (with salt). An encrypted string is secure as long as the key is secure, which it seems to me is both its strength and its Achilles’ heel. Since the application … Continue reading Encrypted versus hashed passwords