Using asymmetric encryption to secure passwords

Question

Due to our customer\'s demands, user passwords must be kept in some \"readable\" form in order to allow accounts to be converted at a later date. Unfortunately, just saving hash

Answer 1

In terms of answering your specific question, my main concern would have been management of the private key but given it's well and truly not accessible via any computer system breach, you're pretty well covered on that front.

I'd still question the logic of not using hashes though - this sounds like a classic YAGNI. A hashing process is deterministic so even if you decided to migrate systems in the future, so long as you can still use the same algorithm, you'll get the same result. Personally, I'd pick a strong hash algorithm, use a cryptographically strong, unique salt on each account and be done with it.