[Owasp-leaders] Password Storage Cryptography

Jim Manico jim.manico at owasp.org
Sun Feb 21 19:18:34 UTC 2016


Hello folks,

I made a significant update to the password storage cheatsheet (hat tip 
to John Steven) to mention the winner of the password hashing 
competition, *Argon2*.

https://www.owasp.org/index.php?title=Password_Storage_Cheat_Sheet&diff=209303&oldid=203402

This is a fairly significant change beyond the standard recommendations 
of using a salted PBKDF2, bcrypt or scrypt - or HMACs at scale.

If you're into this sort of thing, check out 
https://password-hashing.net/argon2-specs.pdf. Various crypto libraries 
are working on production-class implementations now, and should be ready 
sometime in 2016/17. Worth putting on your radar.

Aloha,
Jim Manico