[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle

Jim Manico jim.manico at owasp.org
Thu Jun 7 22:54:40 UTC 2012


This is a great idea, let's take this off-line and discuss.

If anyone else wants to augment the password storage cheatsheet, wiki
away or drop me a line.

I would especially love more platform/language specific advice as Andy
suggested.

https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet


Rock on, Andy,

-- 
Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org
www.owasp.org

> Hi Jim - right now it looks to me like we provide good general
> guidance and references to implementation in specific
> languages/frameworks.  My intention was to 1) promote awareness, and
> 2) solicit additional references for additional specific languages or
> frameworks to make a great cheat sheet even better.
> All the best,
> Andy
>
> On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> What changes to the password storage cheat sheet do you have in mind?
>> I maintain that and other pages in the cheat sheet series.
>>
>> --
>> Jim Manico
>> (808) 652-3805
>>
>> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>>
>>> Nearly all of my LinkedIn groups have some hysterical mention of the
>>> LinkedIn password hash leak.
>>> Few of them mention the fact that the hashes were unsalted.
>>>
>>> OWASP has answers.  Please join me in promoting those answers by
>>> "Liking" my posts about salt or publishing your own.
>>>
>>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>>
>>> <Discussion Field 1>
>>> It's easy to point and laugh at LinkedIn for failing to salt our
>>> passwords, but it's also a good time to remind people about how easy
>>> OWASP has made hashing with salt for some languages:
>>> </Discussion Field 1>
>>>
>>> <Discussion Field 2>
>>> The references for the Cryptographic Cheat Sheet cover salt for Java,
>>> PHP, and .NET.
>>>
>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#References
>>>
>>> Anybody aware of any others?  Now's a good time to update the cheat
>>> sheet references on OWASP's wiki.
>>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>>> </Discussion Field 2>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders




