[Owasp-leaders] Password Storage Cryptography

Sherif Mansour sherif.mansour at owasp.org
Sun Feb 21 20:13:44 UTC 2016


Thanks Jim,

On the related topic of storing application credentials (i.e. how to store
the credentials/tokens an application uses to authenticate to datastores
and other apps etc.), has anyone investigated https://www.vaultproject.io/ ?
And if so, what were your thoughts on it?

Kind regards
Sherif Mansour

On Sun, Feb 21, 2016 at 7:18 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Hello folks,
>
> I made a significant update to the password storage cheatsheet (hat tip to
> John Steven) to mention the winner of the password hashing competition,
> *Argon2*.
>
>
> https://www.owasp.org/index.php?title=Password_Storage_Cheat_Sheet&diff=209303&oldid=203402
>
> This is a fairly significant change beyond the standard recommendations of
> using a salted PBKDF2, bcrypt or scrypt - or HMACs at scale.
>
> If you're into this sort of thing, check out
> https://password-hashing.net/argon2-specs.pdf. Various crypto libraries
> are working on production-class implementations now, and should be ready
> sometime in 2016/17. Worth putting on your radar.
>
> Aloha,
> Jim Manico
>