Essays on Proper Storage of Site Passwords

mouser:
Two interesting essays on how to properly store and handle user passwords for a site -- not quite as simple as you thought -- it's not good enough just to salt and use a hash function.


* https://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
* http://throwingfire.com/storing-passwords-securely/

Also of related interest:

* http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html?_r=2&pagewanted=2&hp
* http://queue.acm.org/detail.cfm?id=2254400
phitsc:
Very interesting!

Ath:
+1 a very good read!

Mark0:
Nice, thanks!

Renegade:
I remember a Security Now! show a few years ago where they went on to explain exactly how iteration increases entropy and that the net effect was indeed cumulative and not simply a single step in entropy. It's very much the same thing as what they're talking about there with stretching password hashes. While the discussion was in a symmetrical cryptographic context (IIRC), the principles are all pretty much the same.

It's kind of funny how these exact same issues come up again and again in security. You'd think that people would learn their lessons by now...  :-\

Anyways, the articles were good and really well focused on that issue.
