[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Seba seba at owasp.org
Thu Jun 7 05:35:03 UTC 2012


Hi Andy

Great initiative: I've done this for the Global and Belgium LinkedIn groups.

thx

--seba

On Thu, Jun 7, 2012 at 4:18 AM, Andy Lewis <alewis at owasp.org> wrote:

> Nearly all of my LinkedIn groups have some hysterical mention of the
> LinkedIn password hash leak.
> Few of them mention the fact that the hashes were unsalted.
>
> OWASP has answers.  Please join me in promoting those answers by
> "Liking" my posts about salt or publishing your own.
>
> Here's the message I've been posting (yeah, it COULD be more subtle):
>
> <Discussion Field 1>
> It's easy to point and laugh at LinkedIn for failing to salt our
> passwords, but it's also a good time to remind people about how easy
> OWASP has made hashing with salt for some languages:
> </Discussion Field 1>
>
> <Discussion Field 2>
> The references for the Cryptographic Cheat Sheet cover salt for Java,
> PHP, and .NET.
>
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>
> Anybody aware of any others?  Now's a good time to update the cheat
> sheet references on OWASP's wiki.
> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
> </Discussion Field 2>