[Owasp-leaders] Password Storage Cryptography
sherif.mansour at owasp.org
Sun Feb 21 20:13:44 UTC 2016
On the related topic of storing application credentials (i.e. how to store
the credentials/tokens an application uses to authenticate to datastores
and other apps, etc.), has anyone investigated https://www.vaultproject.io/ ?
And if so, what were your thoughts on it?
On Sun, Feb 21, 2016 at 7:18 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Hello folks,
> I made a significant update to the password storage cheatsheet (hat tip to
> John Steven) to mention the winner of the password hashing competition,
> This is a fairly significant change beyond the standard recommendations of
> using a salted PBKDF2, bcrypt or scrypt - or HMACs at scale.
> If you're into this sort of thing, check out
> https://password-hashing.net/argon2-specs.pdf. Various crypto libraries
> are working on production class implementations now, and should be ready
> sometime in 2016/17. Worth putting on your radar.
> Jim Manico