[OWASP_PHPSEC] Second Library - Password Management

Abhishek Das das.abhshk at gmail.com
Tue May 28 11:19:24 UTC 2013


Posting a few very useful links:

http://stackoverflow.com/questions/1561174/sha512-vs-blowfish-and-bcrypt
http://security.stackexchange.com/questions/4789/most-secure-password-hash-algorithms
http://en.wikipedia.org/wiki/SHA-2
http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

As of now, bcrypt seems like the most preferred hashing method, followed
closely by the SHA2 (multiple round) implementations.

In addition to jframework, I am looking at the PHPass password hashing
framework as well to see how they've implemented stuff:
http://www.openwall.com/phpass/