Self Encryption: Encrypting a password using the password itself (as a symmetric key). Basically, by doing this, I'll get random data as an output. Now, in order to retrieve the password from this encrypted data, I must know the key. That is, I must know the password itself. Doesn't this property make it kind of one-way function?
I know that Hashing is the recommended and preferred way for storing passwords in a database (since it is one way). I also know that we should NEVER come up with our own crypto. However, I'm just curious to know how effective (in terms of security) will this Self Encryption be (if used instead of hashing) for storing passwords in a database?
By the way, I was not able to find much detail regarding this on the internet. I came up with concept while brainstorming and while searching about it, I came across with this answer by Tom Leek (where he called this technique as Self Encryption).
Aucun commentaire:
Enregistrer un commentaire