If I hash passwords before storing them in my database, is it enough to prevent them from being recovered by someone?
I'm only talking about recovery directly from the database, and not any other type of attack, such as brute force on the application login page, a keylogger on the client, or rubber-hose cryptanalysis. No form of hash will prevent these attacks.
I'm worried about making it difficult or even impossible to obtain the original password if the DB is compromised. How can I increase security assurance in this regard?
What additional concerns would prevent access to passwords? Are there better ways to make this hash?