Troy Hunt of Have I Been Pwned fame wrote that because encryption is reversible but hashing is not, passwords should be hashed, not encrypted. I think passwords should be hashed-then-encrypted, i.e., they are hashed with a slow memory-hard function like Argon, scrypt or bscrypt, then the hashes are encrypted using
Why you want to encrypt password hashes