We take security very seriously, and passwords are, of course, secured in your Sharetribe marketplace. But how?
Are passwords encrypted, hashed, or secured?
Yes, we store passwords hashed with bcrypt password hashing function, which is a current security best practice.
This function makes it extremely hard for the original password to be retrieved even if a password hash is obtained somehow, provided that the password was not trivial.
If you'd like to know more about bcrypt, this Wikipedia article has some more technical details.
Encrypted, hashed... what?
There are differences between encryption and hashing:
- encryption is meant to be reversible (you can decrypt) - i.e., you can get your original value from the encrypted value, using some key.
- hashing, on the other hand, is a one-way function. You can compute a hash for a given value, but you can't get your original value from the hash (when the hashing function is good enough).
So for password storage, hashing is by far the better way to go.
And that's what we do, to make sure that all passwords in your marketplace are secured!