Store Passwords Reversibly
Storing passwords as plaintext, encrypted (any reversible cipher), with a fast hash (MD5, SHA-1, SHA-256), or unsalted.…
$ prime install @security/anti-pattern-store-passwords-reversibly Projection
Always in _index.xml · the agent never has to ask for this.
StorePasswordsReversibly [anti-pattern] v0.1.0
Storing passwords as plaintext, encrypted (any reversible cipher), with a fast hash (MD5, SHA-1, SHA-256), or unsalted. Any scheme where the server — or anyone with the keys — can recover the original password is the anti-pattern.
Loaded when retrieval picks the atom as adjacent / supporting.
StorePasswordsReversibly [anti-pattern] v0.1.0
Storing passwords as plaintext, encrypted (any reversible cipher), with a fast hash (MD5, SHA-1, SHA-256), or unsalted. Any scheme where the server — or anyone with the keys — can recover the original password is the anti-pattern.
Label
Storing passwords in a form the server can recover
Why Bad
If the database leaks (and databases leak) every user's password is now public. Because users reuse passwords, the breach radius extends to every other site they use. 'We encrypt them' is not a defence — encryption keys live next to the database in nearly every breach. Fast hashes fall to commodity GPU rigs at billions of guesses per second.
Instead Do
Use a memory-hard, adaptive hash designed for the job: argon2id (preferred), scrypt, or bcrypt. Salt per-user, store cost parameters alongside, verify in constant time, and re-hash with stronger parameters on successful login when the cost has been raised.

If your code calls `MD5(password + salt)`, `sha256(...)`, or `AES.encrypt(password, key)` for storage — it is wrong. Replace immediately with argon2id and force a credential reset for any user whose record was previously stored under the old scheme.
Loaded when retrieval picks the atom as a focal / direct hit.
StorePasswordsReversibly [anti-pattern] v0.1.0
Storing passwords as plaintext, encrypted (any reversible cipher), with a fast hash (MD5, SHA-1, SHA-256), or unsalted. Any scheme where the server — or anyone with the keys — can recover the original password is the anti-pattern.
Label
Storing passwords in a form the server can recover
Why Bad
If the database leaks (and databases leak) every user's password is now public. Because users reuse passwords, the breach radius extends to every other site they use. 'We encrypt them' is not a defence — encryption keys live next to the database in nearly every breach. Fast hashes fall to commodity GPU rigs at billions of guesses per second.
Instead Do
Use a memory-hard, adaptive hash designed for the job: argon2id (preferred), scrypt, or bcrypt. Salt per-user, store cost parameters alongside, verify in constant time, and re-hash with stronger parameters on successful login when the cost has been raised.

If your code calls `MD5(password + salt)`, `sha256(...)`, or `AES.encrypt(password, key)` for storage — it is wrong. Replace immediately with argon2id and force a credential reset for any user whose record was previously stored under the old scheme.
Source
prime-system/examples/security-appsec/primes/compiled/@security/anti-pattern-store-passwords-reversibly/atom.yaml