bwall Posted June 27, 2012 Share Posted June 27, 2012 Hey, Planning on publishing this paper soon about how to properly hash a password as well as including a new idea for dynamic entropy. Let me know what you think. http://ballastsec.blogspot.com/2012/06/proper-password-hashing.html Quote Link to comment Share on other sites More sharing options...
digininja Posted June 27, 2012 Share Posted June 27, 2012 Nice to see recommendations of crypto hashes rather than fast ones. Did you hear the recent Risky Business where Marcus Ranum talks about hashing? http://risky.biz/netcasts/risky-business/risky-business-242-massive-recon-hd-moore Quote Link to comment Share on other sites More sharing options...
bwall Posted June 27, 2012 Author Share Posted June 27, 2012 (edited) Nice to see recommendations of crypto hashes rather than fast ones. Did you hear the recent Risky Business where Marcus Ranum talks about hashing? http://risky.biz/net...-recon-hd-moore It was a pretty interesting talk to listen to, but they didn't really settle on anything other than "the system is borked". As the paper mentions, Ballast Security is working on a new authentication system, that can be patched into websites and the like as a method for verifying user/passwords. We are hoping to do a public live demo of this project soon, but we need to find somewhere to host it because its likely someone will try to just brute force the authentication on the server, D/DoSing the live demo. We plan on implementing throttling methods, but we host on a VPS, and maxing out the CPU would probably get our account dropped. Edited June 28, 2012 by bwall Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.