In our project there are several places where we could've gotten away with hashing. For example, we store an encrypted reference between a license and the licensed object in the database along with the unencrypted reference. This is to ensure that the user can't change the entity they have licensed by mucking with the database.
The main reason we use encryption everywhere is that we already had a nice encryption library and a system key. It didn't really seem worth the time to develop a hashing library in addition.
Is there any security risk we're creating by using encryption instead of hashing?
By storing the plain text along with the ciphertext, you are creating a nice repository of test strings should someone want to find out your key. Since you apparently use said key for encrypting everything, I'd say it is a risk.
Remember, the nice thing about central databases is that some day someone will get the data. If history is any lesson, at least.
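As an added example (not code from the question or the answer above): a keyed hash (HMAC-SHA256) over the license/object pair detects the row tampering the question describes, using a key derived from the system key rather than the system encryption key itself. The key label, field names, sample key and sample rows are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample key; a real system would load its key from a secret store.
SYSTEM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def derive_mac_key(system_key: bytes, label: bytes = b"license-binding-mac-v1") -> bytes:
    """Derive a purpose-specific key (HMAC used as a PRF; the label is hypothetical)."""
    return hmac.new(system_key, label, hashlib.sha256).digest()


def _encode(license_id: str, object_id: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in (license_id, object_id):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def make_tag(mac_key: bytes, license_id: str, object_id: str) -> str:
    """Tag binding one license to one object; stored next to the plain reference."""
    return hmac.new(mac_key, _encode(license_id, object_id), hashlib.sha256).hexdigest()


def verify_row(mac_key: bytes, row: dict) -> bool:
    """Recompute the tag from the plain columns and compare in constant time."""
    expected = make_tag(mac_key, row["license_id"], row["object_id"])
    return hmac.compare_digest(expected, row["tag"])


def check_sample_rows() -> list:
    """Verify three constructed rows: intact, object swapped, tag copied from another row."""
    key = derive_mac_key(SYSTEM_KEY)
    good = {"license_id": "LIC-1001", "object_id": "OBJ-42",
            "tag": make_tag(key, "LIC-1001", "OBJ-42")}
    swapped = dict(good, object_id="OBJ-99")             # reference edited in the database
    copied = dict(swapped, tag=make_tag(key, "LIC-2002", "OBJ-99"))  # tag lifted from LIC-2002
    return [verify_row(key, r) for r in (good, swapped, copied)]


if __name__ == "__main__":
    print(check_sample_rows())
```

Because the license identifier is part of the tagged message, a valid tag taken from a different license row does not verify on this one.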