peppered password hashing

Posted by agent_008_nl on 31-Jul-2015 04:25

Reading and finding some interesting things as an (almost) total salted password dummy. For example:
https://crackstation.net/hashing-security.htm
https://news.ycombinator.com/item?id=3724560
https://github.com/tonyg/js-scrypt
Any comments / recommendations? Which CSPRNG could I use with a JavaScript framework (do you have informative links)? A question for http://crypto.stackexchange.com, I think, but maybe some on this forum have given this issue more thought?
 
Regards, Stefan.

All Replies

Posted by rayherring on 31-Jul-2015 04:45

I suggest looking at a lot of the articles that Troy Hunt (an Aussie MVP with a high focus on security) has written on his website; he goes into a lot of things about the best practices with things like this.

At a quick glance, I would suggest things like:

www.troyhunt.com/.../everything-you-ever-wanted-to-know.html and

www.troyhunt.com/.../our-password-hashing-has-no-clothes.html

The second one is a really good insight when it comes to passwords, especially when it comes to the ways you do the hashing. As he explains, your password hashing is only as good as the passwords that people choose, for the most part.

This thread is closed