[OWASP_PHPSEC] Second Library - Password Management

johanna curiel curiel johanna.curiel at owasp.org
Tue May 28 16:35:51 UTC 2013


Abbas

Would it be possible to let us know which concepts are wrong?

I think it would be nice if this is clarified for us. Do you have any docs on
this?

thanks

Johanna


On Tue, May 28, 2013 at 12:27 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Abhishek,
> Keep in mind that most of those libraries and posts take their ideas from
> OWASP, and many of them have done it wrong. Do not trust them, you should do
> something that is proven to be good, not something that is used most by the
> industry. We have had talks in OWASP, and I can show you why most of those
> ideas are wrong.
> Thanks
> -Abbas
> On 7 Khordad 1392, at 15:49, Abhishek Das <das.abhshk at gmail.com> wrote:
>
> Posting a few very useful links:
>
> http://stackoverflow.com/questions/1561174/sha512-vs-blowfish-and-bcrypt
>
> http://security.stackexchange.com/questions/4789/most-secure-password-hash-algorithms
> http://en.wikipedia.org/wiki/SHA-2
>
> http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html
>
> As of now, bcrypt seems like the most preferred hashing method, followed
> closely by the SHA2 (multiple round) implementations.
>
> In addition to jframework, I am looking at the PHPass password hashing
> framework as well to see how they've implemented stuff:
> http://www.openwall.com/phpass/
>  _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project