The first & accepted answer on this question about passwords management suggests to encrypt the user identifiers in DB.
The good point is that if anyone gets a password, he has to know how to decrypt the user login to get the full login/password pair.
Some disadvantages I see, for example: LIKE '...%' or ORDER BY on the login field may be quite difficult too... What would you recommend (encrypt user identifiers or not)?
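The LIKE '...%' and ORDER BY concern from the question, worked through as an added example (not code from the original question or from any answer). It stores the login encrypted with a random nonce and adds a separate keyed-hash "blind index" column so that the exact-match lookup a login form needs still works; the prefix search and the sort are then shown failing at the database and having to be done by decrypting every row in the application. The keys, table layout, logins and the HMAC-SHA256 counter-mode stream cipher (a stand-in because the Python standard library has no AES; use AES-GCM in a real deployment) are all assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed demo keys. In production both come from a KMS/HSM or a secret
# store, never from source control and never from the same database.
ENC_KEY = hashlib.sha256(b"demo-login-encryption-key").digest()
INDEX_KEY = hashlib.sha256(b"demo-blind-index-key").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in stream cipher for the demo.
    # Real code should use an authenticated cipher such as AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_login(login: str) -> str:
    # Randomised: the same login encrypts differently each time, so the
    # ciphertext column can never be searched or sorted by plaintext.
    nonce = os.urandom(16)
    pt = login.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ENC_KEY, nonce, len(pt))))
    return (nonce + ct).hex()


def decrypt_login(blob_hex: str) -> str:
    blob = bytes.fromhex(blob_hex)
    nonce, ct = blob[:16], blob[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct))))
    return pt.decode("utf-8")


def blind_index(login: str) -> str:
    # Keyed hash of the normalised login: deterministic, so equality lookups
    # work, but it preserves neither prefixes nor ordering of the plaintext.
    normalised = login.strip().lower()
    return hmac.new(INDEX_KEY, normalised.encode("utf-8"), hashlib.sha256).hexdigest()


def build_db(logins):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login_enc TEXT NOT NULL, login_idx TEXT NOT NULL UNIQUE)")
    conn.executemany(
        "INSERT INTO users (login_enc, login_idx) VALUES (?, ?)",
        [(encrypt_login(l), blind_index(l)) for l in logins],
    )
    conn.commit()
    return conn


def find_user_id(conn, login):
    # Exact-match lookup (the login form case) via the blind index.
    row = conn.execute("SELECT id FROM users WHERE login_idx = ?", (blind_index(login),)).fetchone()
    return row[0] if row else None


def prefix_search_in_db(conn, prefix):
    # The LIKE 'prefix%' case pushed to the database: hashing the prefix
    # gives an unrelated value, so this matches nothing.
    rows = conn.execute("SELECT id FROM users WHERE login_idx LIKE ?", (blind_index(prefix) + "%",)).fetchall()
    return [r[0] for r in rows]


def prefix_search_in_app(conn, prefix):
    # What is left: decrypt every row and filter in the application (a full scan).
    wanted = prefix.strip().lower()
    return [uid for uid, enc in conn.execute("SELECT id, login_enc FROM users")
            if decrypt_login(enc).lower().startswith(wanted)]


def logins_sorted_in_app(conn):
    # ORDER BY on the ciphertext column orders by random bytes; sorting by
    # plaintext likewise means decrypting every row in the application.
    return sorted(decrypt_login(enc) for (enc,) in conn.execute("SELECT login_enc FROM users"))


if __name__ == "__main__":
    db = build_db(["carol@example.com", "alice@example.com", "bob@example.com"])
    print("login lookup:", find_user_id(db, "Bob@Example.com"))
    print("LIKE in DB:", prefix_search_in_db(db, "ali"))
    print("prefix in app:", prefix_search_in_app(db, "ali"))
    db_order = [decrypt_login(e) for (e,) in db.execute("SELECT login_enc FROM users ORDER BY login_enc")]
    print("ORDER BY ciphertext:", db_order)
    print("sorted in app:", logins_sorted_in_app(db))
```

Two caveats worth knowing before copying the pattern: the blind index is deterministic, so it still reveals which rows share a login and lets anyone holding the index key test guesses against it; and the UNIQUE constraint on the index column is what enforces case-insensitive uniqueness, since the database can no longer compare the logins themselves.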
Encryption is one of the most important security features to keep your data as secure as possible. Depending on the data you are handling, it is not always a must, but you should at least consider it a security improvement in your organization.
From a privacy and data security point of view, storing an email address encrypted is the best solution.
Advantage: data encryption allows your data to be completely protected, secure, and unreadable to unwanted access. There are many compelling reasons to encrypt your data including peace of mind, unauthorized access prevention, and compliance with data protection acts, laws, and certifications.
What Should You Encrypt? In broad terms, there are two types of data you should encrypt: personally identifiable information and confidential business intellectual property. Personally Identifiable Information (PII): PII includes any kind of information another person can use to uniquely identify you.
As usual, the answer is "it depends".
In general, I'd say that if an attacker has access to your database, your security situation is so badly compromised that encrypting the passwords will likely do you no favours. This is different to using a one-way hash - it's likely that an attacker who has access to your database also has access to your decryption key, whereas one-way hashes, by definition, are one way.
As you already say, it's likely that you will need regular access to the userIDs (esp. if you use email addresses as user IDs); in that case, again, an attacker who can read your database likely can intercept the unencrypted data.
So, if you work for a bank, the government, or any other place where data security has to be at the very top of the list, this additional protection may just be worth it, especially if you have a strong key management system.
For other uses, I'd consider the additional security too small to merit the additional pain.
Encryption is considered to be a lesser form of secret storage than message digest functions. In fact, storing an encrypted password is a clear violation of CWE-257.
But why not hash the username? At login, the application will have the plain text. Depending on your application, you might not need to display a list of users. This would be an added layer of security, as both hashes have to be broken before the attacker can log in.
That being said, if you have a plain-text list of every username it will be trivial to perform a dictionary attack against any recovered hash. Furthermore, user names are not created to be difficult to guess; oftentimes users choose goofy names of birds or silly games like chess so that they are easy to remember.
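The dictionary attack this answer warns about, as an added example that is not part of the answer. Given a dumped column of hashed usernames and a short wordlist of the kind of names the answer describes, it recovers every entry whether the hashes are unsalted or carry a per-row salt stored beside them. The keyed (HMAC) variant is my addition for contrast: without the server-side key the same attack finds nothing, but, as the second answer notes, an attacker who can read the database may well hold that key too, and then it falls like the others. The wordlist, usernames and key are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for an enumerated or leaked list of account names.
COMMON_USERNAMES = ["admin", "root", "guest", "alice", "bob", "chess", "sparrow", "robin", "jdoe"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- three ways the "hashed username" column could be built -----------------

def unsalted_rows(usernames):
    return [sha256_hex(u.encode()) for u in usernames]


def salted_rows(usernames):
    # Per-row random salt stored next to the hash, as a password store would do.
    rows = []
    for u in usernames:
        salt = os.urandom(16)
        rows.append((salt.hex(), sha256_hex(salt + u.encode())))
    return rows


def keyed_rows(usernames, key: bytes):
    # HMAC under a server-side key that is NOT stored in the database
    # (this variant is the example's addition, not the answer's suggestion).
    return [hmac.new(key, u.encode(), hashlib.sha256).hexdigest() for u in usernames]


# --- what an attacker holding the dumped table can do -----------------------

def crack_unsalted(hashes, wordlist):
    # One hash per word, computed once and reused for every row (a lookup table).
    table = {sha256_hex(w.encode()): w for w in wordlist}
    return {h: table[h] for h in hashes if h in table}


def crack_salted(rows, wordlist):
    # Salt only forces |rows| x |wordlist| work; with a short wordlist it is still instant.
    found = {}
    for salt_hex, h in rows:
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            if sha256_hex(salt + w.encode()) == h:
                found[h] = w
                break
    return found


def crack_keyed(hashes, wordlist, key_guess: bytes = b""):
    # Without the real key no candidate MAC matches; with it, the column falls like the others.
    found = {}
    for h in hashes:
        for w in wordlist:
            candidate = hmac.new(key_guess, w.encode(), hashlib.sha256).hexdigest()
            if hmac.compare_digest(candidate, h):
                found[h] = w
                break
    return found


if __name__ == "__main__":
    users = ["alice", "chess", "sparrow"]
    key = os.urandom(32)
    print("unsalted:        ", crack_unsalted(unsalted_rows(users), COMMON_USERNAMES))
    print("salted:          ", crack_salted(salted_rows(users), COMMON_USERNAMES))
    print("keyed, no key:   ", crack_keyed(keyed_rows(users, key), COMMON_USERNAMES))
    print("keyed, key leaked:", crack_keyed(keyed_rows(users, key), COMMON_USERNAMES, key))
```

The point the numbers make is that salting does not rescue a low-entropy identifier: the salt only stops precomputation, and a handful of SHA-256 calls per row is no obstacle. What actually blocks the offline attack is a secret the attacker does not have, which brings the problem straight back to the key-management question raised in the other answers.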