[Cryptography] The proper way to hash password files
Yann Droneaud
ydroneaud at opteya.com
Mon May 26 11:17:01 EDT 2014
On Thursday 22 May 2014 at 13:09 -0400, Phillip Hallam-Baker wrote:
> Lots of sackcloth and ashes as EBay loses a password file.
>
> It occurs to me that most of the time, machines do password files
> wrong. Rather than using a salted hash, a better approach would be to
> use a MAC with a randomly chosen key that is never disclosed.
>
> Now this seems obvious but I can't recall ever seeing code set up to
> do the job this way...
The proper way to hash passwords is at https://password-hashing.net/
(or someone was late to submit her proposal!)
Regards.
--
Yann Droneaud
OPTEYA
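
The scheme described in the quoted message (a MAC under a randomly chosen key that is never stored with the password file), as an added example that is not part of either message. Keeping a per-user salt and a slow hash underneath the MAC is an assumption of this example, as are the function names, the record layout and the PBKDF2 parameters.

```python
import hashlib
import hmac
import secrets

# Demo parameters (assumed values, not taken from the thread).
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
KEY_BYTES = 32


def new_mac_key():
    """Random MAC key; in a deployment it lives outside the password file."""
    return secrets.token_bytes(KEY_BYTES)


def hash_password(password, mac_key, salt=None):
    """Return the record stored in the password file: salt and MAC tag only."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    # Slow salted hash first, so a later key leak still leaves a stretched hash.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    # The MAC binds the result to the secret key that is never written to the file.
    tag = hmac.new(mac_key, salt + stretched, hashlib.sha256).digest()
    return {"salt": salt.hex(), "tag": tag.hex()}


def verify_password(password, record, mac_key):
    """Recompute the tag under the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hash_password(password, mac_key, salt)["tag"]
    return hmac.compare_digest(candidate, record["tag"])


if __name__ == "__main__":
    key = new_mac_key()
    record = hash_password("correct horse battery staple", key)  # constructed input
    print(record)
    print(verify_password("correct horse battery staple", record, key))
    # Holding the file without the key: even the right password does not verify.
    print(verify_password("correct horse battery staple", record, new_mac_key()))
```

The last call shows the property the quoted message is after: a copy of the password file alone gives no way to confirm a guess, because every check needs the key.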