A senior engineer, while talking about adding encryption to the application, mentioned using SHA256 for that purpose.

If you're hashing comparables, that's probably fine.

What are you encrypting?

@SortOfTested Our application provides data to some other downstream applications and that needs to be encrypted. It is all file based, really old system.

@yakomakaza
I'd want to hear the rest of it, but yeah, obv that's not going to accomplish encryption. Might not be a bad lean for checksum, however.

Encryption with hashes?

Ooooh Kay then.

I guess.. it'll be encrypted... in a non reversible way for a few years 😅

Sure it's encryption, just where the key is the original file contents... 😂

@SortOfTested I would like to elaborate further but I have a few colleagues here and I don't want them to find out 😅.

I meaaaan...

You could do a hash of the password to create a 256bit key for encryption I guess?

Or you could use the hash as a signature or a checksum I guess?

I'd like to hear more context from the senior himself before I assume he doesn't know what he's talking about :D

So well encrypted it can never be read again.

One can make ciphers out of hash functions (e.g. "Message Digest Cipher" by Peter Gutman, "Karn" by Phil Karn and the improved version of Karn by Michael Luby and Charles Rackoff).
They are not necessarily good, and most likely not what anyone would think of when using "encryption" and "sha256" in the same sentence.

FINALLY getting rid of plain-text passwords, are we?

Maybe he was confusing SHA with AES. Albeit very different I've heard quite a bunch of people confusing them already.

@michezio A lot of people mess up "encryption" and "hashing"...

My old senior thought encryption and hashing were the same too.

Well, at least it's encrypted... 😂