[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle
jim.manico at owasp.org
Thu Jun 7 17:17:14 UTC 2012
What changes to the password storage cheat sheet do you have in mind?
I maintain that and other pages in the cheat sheet series.
On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
> Nearly all of my LinkedIn groups have some hysterical mention of the
> LinkedIn password hash leak.
> Few of them mention the fact that the hashes were unsalted.
> OWASP has answers. Please join me in promoting those answers by
> "Liking" my posts about salt or publishing your own.
> Here's the message I've been posting (yeah, it COULD be more subtle):
> <Discussion Field 1>
> It's easy to point and laugh at LinkedIn for failing to salt our
> passwords, but it's also a good time to remind people about how easy
> OWASP has made hashing with salt for some languages:
> </Discussion Field 1>
> <Discussion Field 2>
> The references for the Cryptographic Cheat Sheet cover salt for Java,
> PHP, and .NET.
> Anybody aware of any others? Now's a good time to update the cheat
> sheet references on OWASP's wiki.
> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
> </Discussion Field 2>