That’s relevant when storing a user’s password to verify that they’ve entered the correct data, but password managers (which Keychain effectively is, I believe) need to be able to retrieve the original password.
You are deeply confused as to how password managers work.
Password managers—all password managers—require stored passwords to be encrypted such that they can be decrypted. Otherwise they would have no possible way to retrieve the stored secret for the sake of submitting it to the verifying party.
Best practice for verifiers is to use a one-way memory-hard password hash.
hello0904|1 year ago
Authentication: "Prove you are you" (hash functions)
Secure Storage: "Keep this secret but let me get it back later" (encryption)
Identification: "Track who/what this is" (UUIDs/tokens)
stouset|1 year ago
Password managers—all password managers—require stored passwords to be encrypted such that they can be decrypted. Otherwise they would have no possible way to retrieve the stored secret for the sake of submitting it to the verifying party.
Best practice for verifiers is to use a one-way memory-hard password hash.
Keychain is a password manager.
ziddoap|1 year ago
This is what Keychain does. You retrieve the passwords later.
So, no. It is not a one-way hash function as you stated.
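The distinction argued in this thread, as an added example that is not part of any comment above and is not Keychain's code: a verifier keeps only a salted scrypt hash it can compare against, while a password manager seals the secret under a key derived from a master password so it can be recovered. All function names and scrypt parameters are assumptions, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _kdf(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF (scrypt); cost parameters are illustrative assumptions.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

# --- Verifier side: one-way, there is nothing to decrypt ---
def enroll(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Recompute and compare in constant time; the password is never recovered.
    return hmac.compare_digest(_kdf(password, salt), stored)

# --- Password manager side: reversible under a master-password-derived key ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in for a real AEAD, see lead-in).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def vault_seal(master: str, secret: str) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    k = _kdf(master, salt)
    enc_key, mac_key = k[:32], k[32:]
    data = secret.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    # Encrypt-then-MAC so a wrong master password or tampering is detected.
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def vault_open(master: str, item: dict) -> str:
    k = _kdf(master, item["salt"])
    enc_key, mac_key = k[:32], k[32:]
    expect = hmac.new(mac_key, item["nonce"] + item["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, item["tag"]):
        raise ValueError("wrong master password or tampered item")
    ks = _keystream(enc_key, item["nonce"], len(item["ct"]))
    return bytes(a ^ b for a, b in zip(item["ct"], ks)).decode()
```

The verifier record only answers yes or no to a guess, whereas the vault item returns the original secret to anyone holding the master password.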