[Owasp-leaders] Password Storage Cheat Sheet

Jim Manico jim.manico at owasp.org
Tue Mar 12 16:52:13 UTC 2013

After a fairly dramatic amount of work, debate and threat modeling, I'd like to announce that the Password Storage Cheat Sheet is now live.


Thank you to John Steven for this most excellent publication. 

What strikes me about John's work on this cheat sheet is that he also published a very detailed threat model on password storage to back up his conjectures.


This cheat sheet covers adaptive one-way functions, salting and work factors, and also discusses situations where adaptive one-way functions are simply impossible because of performance issues.

John also discusses cryptographically sound techniques that allow for one-way password storage and key rotation, as well as high-performance password storage.

Great work John, and thank you for the donation.

Jim Manico
OWASP Volunteer
