[Owasp-leaders] Password Storage Cheat Sheet

Jim Manico jim.manico at owasp.org
Tue Mar 12 16:52:13 UTC 2013


After a fairly dramatic amount of work, debate and threat modeling, I'd like to announce that the Password Storage Cheat Sheet is now live.

https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

Thank you to John Steven for this most excellent publication. 

What strikes me about John's work on this cheat sheet is that he also published a very detailed threat model on password storage to back up his conjectures.

https://docs.google.com/document/d/1R6c9NW6wtoEoT3CS4UVmthw1a6Ex6TGSBaEqDay5U7g 

This cheat sheet covers adaptive one-way functions, salting and work factors, and also discusses situations where adaptive one-way functions are simply impossible because of performance issues.

John also discusses cryptographically sound techniques that allow for one-way password storage and key rotation, as well as high-performance password storage.

Great work John, and thank you for the donation.

Aloha,
Jim Manico
OWASP Volunteer
@Manicode




