I'm curious about validating user passwords (for logins and such). I see that it is common to use a salted hash to store (safely) user passwords with the intent to validate user logins.
My question:
Would using passphrase-protected private keys be an equivalently safe method of doing this?
Possible implementation:
When a user creates an account on your platform they would give you the password they intend to use. The server would then take the password and generate a new private key (based on your choice of entropy) and use the user's password as the passphrase to 'protect' the private key. You would then store the passphrase-protected private key paired with the user name so when someone tries to login with a given (registered) username, you can lookup the private key and try and unlock it with the provided password.