Hashing VS Encryption

Victor kai hong
Nov 6, 2023

How should we securely store user passwords in our database system? In this article, I will introduce a hashing method I commonly use for this purpose.

Hashing is an excellent technique for storing passwords securely because it transforms a password into something unreadable to humans. For example:

  • Original Password: “ABCDE”
  • Hashed Result: “$2a$10$4fl2fxfyjyRUyVlRRaDFx”

In my projects, I employ the bcryptjs library, which simplifies the password hashing and comparison processes. This library also aids in generating unique salts, making it more challenging for hackers to crack passwords (depending on the salt’s length). I typically use a standard salt length of 10.

When a user enters their password, the bcryptjs library allows us to compare it with the stored hash using a compare function, providing a boolean result (yes/no). We can then determine if the password is valid or not.

It’s important to note that hashing is a one-way process, meaning it cannot be reversed.

On the other hand, encryption is employed to safeguard data for security purposes. Unlike hashing, encryption can be reversed through a process called decryption. It’s typically used to protect sensitive files, such as personal information or government documents.
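The one-way versus reversible contrast described above, as an added example that is not the author's code. It uses Node's built-in `crypto` module (scrypt for the salted password hash, AES-256-GCM for encryption) in place of bcryptjs so it runs without installing a package; the function names and the `salt:hash` storage format are assumptions made for illustration.

```javascript
// Added example: Node's built-in crypto stands in for bcryptjs (assumes a Node.js runtime).
const nodeCrypto = require('crypto');

// One-way: store the salt and the derived hash, never the password itself.
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);               // unique per password
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Verification re-derives the hash from the candidate password and the stored salt.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = nodeCrypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);   // constant-time comparison
}

// Two-way: AES-256-GCM output can be reversed by anyone holding the key.
function encrypt(plaintext, key) {
  const iv = nodeCrypto.randomBytes(12);                 // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]); // layout: iv | tag | ciphertext
}

// Decryption fails with an exception if the key is wrong or the data was altered.
function decrypt(blob, key) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed sample input, reusing the article's example password.
const stored = hashPassword('ABCDE');
console.log('correct password accepted:', verifyPassword('ABCDE', stored));
console.log('wrong password accepted:  ', verifyPassword('ABCDF', stored));
console.log('same password, new salt differs:', hashPassword('ABCDE') !== stored);

const key = nodeCrypto.randomBytes(32);
console.log('decrypted:', decrypt(encrypt('personal information', key), key));
```

The stored password record contains nothing that recovers "ABCDE", while the encrypted blob yields its plaintext again whenever the key is available, which is why key storage becomes the main concern for encrypted data.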

Thank you for reading, and I hope this article helps you enhance your programming knowledge. I’ll see you next time!
