Security 104: Improper Password Storage

Now that you have a basic grounding in hashing and encryption, it’s time to get our hands dirty! This post is going to feature a bit of pseudocode for your enjoyment.

There used to be a time when it wasn’t outrageously irresponsible to simply convert a password to a different format for storage. Something like this, for example:

set password = binary(entered_password);

(… Actually, I lie. That’s always been bad. This is called “security by obscurity” and has never, ever, EVER been safe.)
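
To see why, here is an added example (not code from the original post) that implements the binary() conversion in Python and reverses it without any key, next to a salted PBKDF2 hash from the standard library. The function names, the sample password and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample value, not from the original post.
SAMPLE_PASSWORD = "correct horse battery staple"

# Assumption: work factor chosen for illustration; tune it for your hardware.
PBKDF2_ITERATIONS = 600_000


def binary_store(entered_password: str) -> str:
    """The post's binary() idea: re-encode the password as a string of bits."""
    return " ".join(f"{byte:08b}" for byte in entered_password.encode("utf-8"))


def binary_recover(stored: str) -> str:
    """Reverse the encoding. No key, salt or guessing is needed."""
    return bytes(int(bits, 2) for bits in stored.split()).decode("utf-8")


def hash_store(entered_password: str) -> tuple[bytes, bytes]:
    """Store a random per-user salt and a slow one-way digest instead."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", entered_password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def hash_verify(entered_password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest from the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", entered_password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = binary_store(SAMPLE_PASSWORD)
    print("stored as bits :", stored[:35], "...")
    print("read back      :", binary_recover(stored))

    salt, digest = hash_store(SAMPLE_PASSWORD)
    print("stored as hash :", salt.hex(), digest.hex())
    print("login succeeds :", hash_verify(SAMPLE_PASSWORD, salt, digest))
```

The encoded value gives the password back to whoever reads the table, while the hashed record can only be checked against a login attempt.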