[OWASP_PHPSEC] Second Library - Password Management

Abbas Naderi abiusx at owasp.org
Tue May 28 16:27:51 UTC 2013


Abhishek,
Keep in mind that most of those libraries and posts take their ideas from OWASP, and many of them have done it wrong. Do not trust them; you should do something that is proven to be good, not something that is used most by the industry. We have had talks in OWASP, and I can show you why most of those ideas are wrong.
Thanks
-Abbas
On 7 Khordad 1392, at 15:49, Abhishek Das <das.abhshk at gmail.com> wrote:

> Posting a few very useful links:
> 
> http://stackoverflow.com/questions/1561174/sha512-vs-blowfish-and-bcrypt
> http://security.stackexchange.com/questions/4789/most-secure-password-hash-algorithms
> http://en.wikipedia.org/wiki/SHA-2
> http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
> 
> As of now, bcrypt seems like the most preferred hashing method, followed closely by the SHA2 (multiple round) implementations. 
> 
> In addition to jframework, I am looking at the PHPass password hashing framework as well to see how they've implemented stuff: http://www.openwall.com/phpass/
