
I thought about hashing or even encrypting the login credentials client side before sending them to the server. But I wondered whether it's secure to store this data in the database, because I don't know whether it's mathematically possible that a different username resulted in the same hash as another one.

Is it possible? If so, how could I store the username in a non-human-readable way without risking duplicate "cyphers" for different usernames?

jaySon
  • These answers may be useful: http://stackoverflow.com/a/38829652/413180 & http://security.stackexchange.com/a/23012/8340 – SilverlightFox Aug 26 '16 at 15:11
  • Latter link did indeed help in some way as it clarified a side question. Thanks! As for the former link, I'm not sure. The responder writes: "_A salt is to avoid the same password ever being stored with the same byte representation if used multiple times._". But that doesn't mean the opposite couldn't happen, namely that a different password with a different salt may result in the same hash. And I could apply the same logic to the username. – jaySon Aug 26 '16 at 17:39
  • How about RSA? Say, you would generate a key pair, _discard the private key_ and encrypt the username with the public key? A different username will _always_ create a different cypher, otherwise it wouldn't be decryptable. Are there arguments against this approach? – jaySon Aug 26 '16 at 17:47

0 Answers