[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Andy Lewis alewis at owasp.org
Thu Jun 7 20:54:55 UTC 2012


Hi Jim - right now it looks to me like we provide good general
guidance and references to implementation in specific
languages/frameworks.  My intention was to 1) promote awareness, and
2) solicit additional references for additional specific languages or
frameworks to make a great cheat sheet even better.
All the best,
Andy

On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
> What changes to the password storage cheat sheet do you have in mind?
> I maintain that and other pages in the cheat sheet series.
>
> --
> Jim Manico
> (808) 652-3805
>
> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>
>> Nearly all of my LinkedIn groups have some hysterical mention of the
>> LinkedIn password hash leak.
>> Few of them mention the fact that the hashes were unsalted.
>>
>> OWASP has answers.  Please join me in promoting those answers by
>> "Liking" my posts about salt or publishing your own.
>>
>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>
>> <Discussion Field 1>
>> It's easy to point and laugh at LinkedIn for failing to salt our
>> passwords, but it's also a good time to remind people about how easy
>> OWASP has made hashing with salt for some languages:
>> </Discussion Field 1>
>>
>> <Discussion Field 2>
>> The references for the CryptoGraphic Cheat Sheet cover salt for java,
>> php, and .net.
>>
>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>>
>> Anybody aware of any others?  Now's a good time to update the cheat
>> sheet references on OWASP's wiki.
>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>> </Discussion Field 2>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list