Just wondering if it would be a good practice to store the username hashed in a database when storing users' information such as passwords and whatnot.
It is overkill to encrypt/hash the username. If you are worried about security, just hash using SHA256 with a random salt.
Encrypting username does not make sense because you are likely to search based on userName, partial userName. Encrypting will just make it hard to search.
Alright, for my whole life I have been using SHA256 with salt thinking it's the strongest. The good comment by Rein Henrichs on this post reveals that SHA256 may not be the safest. You may want to use bcrypt, but I guess it's very slow. I will do some proof of concepts; if it's very slow then I will stay with SHA256+hash.
Thanks for the link.
No, you should not.
Otherwise, you could not show a list of registered users, or anything of that type. It would also make a lot of other functions unnecessarily clunky.
Just use a one-way digest method (such as bcrypt) on the user's password with a suitably high work factor.
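The layout the answers above describe, as an added example that is not code from any poster in this thread: the username stays in plaintext so exact and partial lookups work, and only the password goes through a salted, deliberately slow one-way function. It uses `hashlib.scrypt` from the Python standard library as a stand-in for bcrypt (same idea of a tunable work factor); the table layout, function names and cost parameters are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed cost parameters for this example; raise n as your hardware allows.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way digest of the password (scrypt standing in for bcrypt)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # username is stored as-is so it can be listed and searched
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
               " salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    return db

def register(db, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))

def verify(db, username: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # spend similar time for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))

def search_usernames(db, fragment: str) -> list:
    """Partial-match search; only possible because usernames are not hashed."""
    escaped = (fragment.replace("\\", "\\\\")
                       .replace("%", "\\%").replace("_", "\\_"))
    rows = db.execute("SELECT username FROM users WHERE username LIKE ?"
                      " ESCAPE '\\' ORDER BY username", (f"%{escaped}%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "correct horse")  # constructed sample accounts
    register(db, "alicia", "battery staple")
    print(search_usernames(db, "ali"), verify(db, "alice", "correct horse"))
```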