[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] thoughts on salted passwords within web applications?

From: "Joe White" <joe@xxxxxxxxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] thoughts on salted passwords within web applications?
Date: Sat, 26 Jan 2008 11:10:56 -0800

James,

Awesome link!  I am a bit embarrassed to admit that i had missed this
post originally but truly thank you for sharing it now.

Thanks again,
joe

<<<>>>

On 1/25/08, James Landis <jcl24@xxxxxxxxxxx> wrote:
> There was a thread on this list on this topic a couple of weeks ago.
>
> This would be a good link to give to your co-worker:
>
> http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/
>
> -j
>
> On Jan 25, 2008 2:40 PM, Joe White <joe@xxxxxxxxxxxxxxxxxx> wrote:
> > perhaps this is not the best forum for this question but are there any
> > thoughts on web application specific benefits for using salted
> > passwords (or other salts) within web applications?
> >
> > i ask only because i just finished an email exchange with a co-worker
> > and my position was that salts are a best practice in any situation
> > and not specifically web application related.
> >
> > are there specific compliance concerns around the use of salts in term
> > of PCI or safeguarding PII that web applications need to be concerned
> > with?
> >
> > any thoughts?
> >
> > thanks,
> > joe
> >
> > p.s.  if you are not familiar with salts, our good ol' wikipedia has a
> > decent primer here:
> >
> > http://en.wikipedia.org/wiki/Salt_(cryptography).
> >
> >
> > <<<>>>
> >
> > ----------------------------------------------------------------------------
> > Join us on IRC: irc.freenode.net #webappsec
> >
> > Have a question? Search The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/
> >
> > Subscribe via RSS:
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] thoughts on salted passwords within web applications?
  - From: Nicolae Namolovan

References:
- [WEB SECURITY] thoughts on salted passwords within web applications?
  - From: Joe White
- Re: [WEB SECURITY] thoughts on salted passwords within web applications?
  - From: James Landis

Prev by Date: Re: [WEB SECURITY] thoughts on salted passwords within web applications?
Next by Date: Re: [WEB SECURITY] thoughts on salted passwords within web applications?
Previous by thread: Re: [WEB SECURITY] thoughts on salted passwords within web applications?
Next by thread: Re: [WEB SECURITY] thoughts on salted passwords within web applications?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site