You are aware that the private key is usually encrypted as well And it can be any other name Hell it could be anywhere else at that A salted md5 hash would probably more or less avoid many of the concerns.