I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked.

Is this true? I was logging into a .gov website and noticed it does that.

  • IHawkMike@lemmy.world · 6 upvotes · 4 months ago

    I don’t think many places encrypt/hash email addresses, but even if they did they could just apply the hash algorithm to what you entered to compare the hashes.

    • JoshCodes@programming.dev · 1 upvote · 4 months ago

      So ultimately hashing an email address could be a good thing, but it’s a matter of half measures. Sure, you can perform a basic hash before putting it in the database, but if we assume hashing is performed to prevent it being read by an attacker, why bother unless you’re doing it properly?

      Passwords, being more sensitive, should only be compared once finished being entered, so you can afford to run all the hashing, salting etc that is a requirement to keep the passwords safe.

      If you were going to hash the email to the same standard, it becomes harder to retrieve and display, so when the user wants to look at their profile in the UI, you have to run an intense cryptographic algorithm just to display the email. Or if you want to contact the customer, or any other use for their email. Hence, people don’t bother.

      • CameronDev@programming.dev · 6 upvotes · 4 months ago

        Hashing is completely irreversible. You cannot hash an email address and then unhash it. At most you can brute-force guess the email until the hash matches, but this is basically impossible.

        Hashing the email address would break one of the main reasons to use an email address - the ability to send emails to users.

        Encrypting email addresses is fine, but you wouldn’t compare the encrypted data, you’d just decrypt and compare the original email address.
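
The trade-off discussed in this thread, as an added example that is not code from any commenter or site: a lookup that hashes the typed address and compares hashes, next to a slow salted password hash run once on submit. `UserStore`, `email_index` and `INDEX_KEY` are hypothetical names, and the choice of a keyed hash (HMAC-SHA256) and PBKDF2 is an assumption; the thread only says "hash".

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the email index (assumption: kept outside the database).
INDEX_KEY = secrets.token_bytes(32)
PBKDF2_ROUNDS = 200_000  # illustrative work factor


def email_index(email: str) -> str:
    """Deterministic keyed hash: same address in, same index out, no plaintext stored."""
    normalized = email.strip().lower()
    return hmac.new(INDEX_KEY, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash; run once, when the login form is submitted."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class UserStore:
    def __init__(self):
        # email index -> (salt, password hash); there is no email column at all
        self.rows = {}

    def register(self, email: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.rows[email_index(email)] = (salt, hash_password(password, salt))

    def email_known(self, email: str) -> bool:
        # Hash what the user typed and compare hashes, never plaintext.
        return email_index(email) in self.rows

    def login(self, email: str, password: str) -> bool:
        row = self.rows.get(email_index(email))
        if row is None:
            return False
        salt, stored = row
        return hmac.compare_digest(stored, hash_password(password, salt))
```

The store can recognise an address without holding it in readable form, but nothing in `rows` can be used to send mail or show the address on a profile page, which is the cost raised in the replies.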