[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Jim Manico jim.manico at owasp.org
Thu Jun 7 17:17:14 UTC 2012


What changes to the password storage cheat sheet do you have in mind?
I maintain that and other pages in the cheat sheet series.

--
Jim Manico
(808) 652-3805

On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:

> Nearly all of my LinkedIn groups have some hysterical mention of the
> LinkedIn password hash leak.
> Few of them mention the fact that the hashes were unsalted.
>
> OWASP has answers.  Please join me in promoting those answers by
> "Liking" my posts about salt or publishing your own.
>
> Here's the message I've been posting (yeah, it COULD be more subtle):
>
> <Discussion Field 1>
> It's easy to point and laugh at LinkedIn for failing to salt our
> passwords, but it's also a good time to remind people about how easy
> OWASP has made hashing with salt for some languages:
> </Discussion Field 1>
>
> <Discussion Field 2>
> The references for the Cryptographic Cheat Sheet cover salt for Java,
> PHP, and .NET.
>
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>
> Anybody aware of any others?  Now's a good time to update the cheat
> sheet references on OWASP's wiki.
> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
> </Discussion Field 2>