[Owasp-leaders] Password Storage Cheat Sheet
jim.manico at owasp.org
Tue Mar 12 16:52:13 UTC 2013
After a fairly dramatic amount of work, debate and threat modeling, I'd like to announce that the Password Storage Cheat Sheet is now live.
Thank you to John Steven for this most excellent publication.
What strikes me about John's work on this cheat sheet is that he also published a very detailed threat model on password storage to back up his conjectures.
This cheat sheet covers adaptive one-way functions, salting and work factors, and also discusses situations where adaptive one-way functions are simply impossible because of performance issues.
John also discusses cryptographically sound techniques that allow for one-way password storage and key rotation, as well as high-performance password storage.
Great work, John, and thank you for the donation.