[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Andy Lewis alewis at owasp.org
Thu Jun 7 02:18:51 UTC 2012


Nearly all of my LinkedIn groups have some hysterical mention of the
LinkedIn password hash leak.
Few of them mention the fact that the hashes were unsalted.

OWASP has answers.  Please join me in promoting those answers by
"Liking" my posts about salt or publishing your own.

Here's the message I've been posting (yeah, it COULD be more subtle):

<Discussion Field 1>
It's easy to point and laugh at LinkedIn for failing to salt our
passwords, but it's also a good time to remind people about how easy
OWASP has made hashing with salt for some languages:
</Discussion Field 1>

<Discussion Field 2>
The references for the Cryptographic Cheat Sheet cover salt for Java,
PHP, and .NET.

https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References

Anybody aware of any others?  Now's a good time to update the cheat
sheet references on OWASP's wiki.
Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
</Discussion Field 2>

