What should every web developer know about encryption?

Question

I\'ve just landed a PHP5 gig. I won\'t be handling the parts of the application that involve super sensitive data, but I still know embarrassingly little about security and encr

Answer 1

Learn the difference between hashes and encryption. Encryptions are generally two-way interpretations of a string. I can encrypt my password, and then decrypt it to plaintext again. The idea behind hashes are that they become a one-way 'encryption.'

On my sites I store passwords as hashes. Anytime a user signs on, I re-hash their provided password, test it against the hash stored in the database and approve if they match. I cannot send them their password if they forget it, since (generally) there is no way for me to know.Two different strings can translate into the same hash, which makes it (generally) impossible to find out what the original string was.

This is one issue that is good to get a firm understanding of, and discern when to use encryption vs. hashes.