Difference between revisions of "Password Storage Cheat Sheet"
From OWASP
m (→Password Storage Rules) |
m |
||
Line 1: | Line 1: | ||
− | = | + | = DRAFT CHEAT SHEET - WORK IN PROGRESS = |
= Introduction = | = Introduction = |
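Review bot: on line 1 the draft notice is added as a level-1 heading (`= DRAFT CHEAT SHEET - WORK IN PROGRESS =`), the same level as `= Introduction =`, so it renders as a section of its own and a table-of-contents entry rather than as a banner over the page. Consider putting the notice in bold text or a notice box above the first heading instead, so the section outline still starts at Introduction.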
Revision as of 19:04, 21 September 2011
DRAFT CHEAT SHEET - WORK IN PROGRESS
Introduction
This article provides guidance on storing passwords in order to help prevent password theft.
Password Storage Rules
- Use a Modern Hash
  - SHA
  - bcrypt
- Use a long cryptographically random salt
- Isolate the salt from the hash
- Iterate the hash
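The four rules above applied together, as an added example that is not part of the original cheat sheet: PBKDF2-HMAC-SHA256 from Python's standard library serves as the iterated SHA hash, and two in-memory dicts stand in for salt and hash stores held separately. The iteration count, salt length, store layout and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to what your hardware tolerates
SALT_BYTES = 32       # assumed length for a "long" salt

# Constructed stand-ins for two separately held stores (e.g. different
# databases or hosts), so that a dump of one does not yield salt and hash together.
salt_store = {}
hash_store = {}


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Iterated SHA-256 over password and salt (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(user: str, password: str, iterations: int = ITERATIONS) -> None:
    """Create a fresh random salt per user and store salt and hash apart."""
    salt = secrets.token_bytes(SALT_BYTES)  # drawn from the OS CSPRNG
    salt_store[user] = (salt, iterations)   # iterations kept so they can be raised later
    hash_store[user] = _derive(password, salt, iterations)


def verify(user: str, password: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    record = salt_store.get(user)
    stored = hash_store.get(user)
    if record is None or stored is None:
        # Do comparable work for unknown users so response time does not
        # reveal whether the account exists.
        _derive(password, b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    salt, iterations = record
    return hmac.compare_digest(stored, _derive(password, salt, iterations))
```
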
OWASP Cheat Sheets Project Homepage