Storing answer to security question

RBX

In the zone
I use salted hashing on passwords and store the salt in plaintext, but am doubtful about what to do with security answers. Is there an accepted practice?

I have a general idea regarding this, which includes converting multiple spaces to a single space, trimming leading and trailing spaces, converting to lowercase, adding a nonce, and hashing. I'd be grateful for some input on this, with perhaps some references telling whether such a scheme is actually employed.
 

Mario

Ambassador of Buzz
Don't know about "accepted practice", but a one-way hash on both the security question and the answer would be one way of doing it (although it might be a little too strict, depending on where this is implemented).
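As an added example (not code from either poster), here is the scheme sketched in the question combined with Mario's suggestion of binding the question text into the hash: the answer is canonicalised (whitespace collapsed, trimmed, case-folded), a random per-record salt is added, and a slow KDF is used because security answers have far less entropy than passwords. The iteration count and salt length are assumed values.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumed tuning values; raise ITERATIONS as far as your login latency allows.
ITERATIONS = 200_000
SALT_BYTES = 16


def normalize_answer(text: str) -> str:
    """Canonicalise free text before hashing so trivially different spellings
    of the same answer ("Mr.  Fluffy " vs "mr. fluffy") compare equal."""
    text = unicodedata.normalize("NFKC", text)   # fold compatibility forms
    text = text.casefold().strip()               # lowercase, drop outer spaces
    return re.sub(r"\s+", " ", text)             # collapse inner whitespace runs


def hash_answer(question: str, answer: str, salt=None):
    """Return (salt, digest). The question is mixed into the hashed material
    so a stored digest is only valid for the question it was created with."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)            # fresh salt per stored record
    material = normalize_answer(question) + "\x00" + normalize_answer(answer)
    digest = hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def verify_answer(question: str, candidate: str, salt: bytes,
                  digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, cand_digest = hash_answer(question, candidate, salt)
    return hmac.compare_digest(cand_digest, digest)


if __name__ == "__main__":
    q = "What was the name of your first pet?"     # constructed sample
    stored_salt, stored_digest = hash_answer(q, "  Mr.   Fluffy ")
    print(verify_answer(q, "mr. fluffy", stored_salt, stored_digest))  # True
```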
 