[Owasp-leaders] Password Storage Cheat Sheet

Dennis Groves dennis.groves at owasp.org
Tue Mar 12 17:03:39 UTC 2013


On 12 Mar 2013, at 16:52, Jim Manico wrote:

> After a fairly dramatic amount of work, debate and threat modeling, 
> I'd like to announce that the Password Storage Cheat Sheet is now 
> live.
>
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>
> Thank you to John Steven for this most excellent publication.
>
> What strikes me about John's work on this cheat sheet is that he also 
> published a very detailed threat model on password storage to back up 
> his conjectures.
>
> https://docs.google.com/document/d/1R6c9NW6wtoEoT3CS4UVmthw1a6Ex6TGSBaEqDay5U7g
>

I am particularly impressed with the use of compartmentalisation, 
fault-tolerant design and defence in depth that this architecture utilises. 
Something I very rarely see in security designs. The threat model is 
very thorough, and I also love the rigour. This is particularly *great* 
work. Cheers to John - completely awesome work!

Dennis

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer