[Cryptography] The proper way to hash password files
Phillip Hallam-Baker
phill at hallambaker.com
Thu May 22 13:09:57 EDT 2014
Lots of sackcloth and ashes as eBay loses a password file.
It occurs to me that most of the time, machines do password files
wrong. Rather than using a salted hash, a better approach would be to
use a MAC with a randomly chosen key that is never disclosed.
Now this seems obvious but I can't recall ever seeing code set up to
do the job this way...
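
The scheme proposed in the message above, as an added example that is not part of the original post: each stored tag is an HMAC under a server-held key, so a copy of the password file alone is not enough to test password guesses. The per-user salt, the PBKDF2 stretching step, the iteration count and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: stretching cost chosen for this illustration, tune for your hardware.
PBKDF2_ITERATIONS = 100_000


def new_mac_key() -> bytes:
    """Random MAC key. It must live outside the password file (HSM, KMS,
    or a separately protected config) so a file leak does not disclose it."""
    return secrets.token_bytes(32)


def compute_tag(mac_key: bytes, salt: bytes, password: str) -> bytes:
    # Assumption: stretch first, so a later key leak still leaves the
    # attacker with a salted, slow hash rather than a bare fast one.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    # The keyed step: without mac_key this tag cannot be recomputed offline.
    return hmac.new(mac_key, salt + stretched, hashlib.sha256).digest()


def make_record(mac_key: bytes, password: str) -> dict:
    """Build the entry that goes into the password file (salt and tag only)."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "tag": compute_tag(mac_key, salt, password).hex()}


def verify(mac_key: bytes, record: dict, password: str) -> bool:
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["tag"])
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(compute_tag(mac_key, salt, password), expected)


if __name__ == "__main__":
    key = new_mac_key()
    record = make_record(key, "correct horse battery staple")  # constructed sample
    print("stored record:", record)
    print("right password:", verify(key, record, "correct horse battery staple"))
    print("wrong password:", verify(key, record, "hunter2"))
    # Someone holding only the file has no key, so even the right guess fails.
    print("right password, wrong key:",
          verify(new_mac_key(), record, "correct horse battery staple"))
```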