[Owasp-leaders] Stepping through password hashing options

Bill Riggins bill.riggins at owasp.org
Sun Jun 10 17:16:29 UTC 2012


Thanks Michael, this is one of the more comprehensive and explanatory articles I've seen on the topic. Good to see some bcrypt in there. :)

- Bill



On Jun 10, 2012, at 1:04 PM, Michael Coates <michael.coates at owasp.org> wrote:

> A nice post from one of the web dev managers here at Mozilla.  I'm interested to hear people's thoughts on the final option or any stories on other approaches.
> 
> The key item is blending the benefits of hashing / time requirements with a practical approach to minimize the impact of most common theft vector (sql injection)
> 
> http://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
> 
> 
> 
> 
> -------
> Michael Coates | OWASP
> michael.coates at owasp.org | @_mwc
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list