[Chugalug] Why you don't store passwords, explained

Stephen Kraus ub3ratl4sf00 at gmail.com
Tue Nov 5 21:07:00 UTC 2013


Its more 'why you don't just encrypt your password database with a broken
encryption system'

Hash storage is what they were supposed to do.
On Nov 5, 2013 1:06 PM, "Dave Brockman" <dave at brockmans.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
>
> Well written article with a mini crib-sheet guide included :)
>
> Regards,
>
> dtb
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJSeTMjAAoJEMP+wtEOVbcdXYIH/i587GZTZBEfLEDLRiLY2n+c
> BBjZGLCYF+WvzHFqI725vKwTlzlwW36UFrLxORN7lfv1JM5qCDFdeQG9XqkZKkYG
> UAck4M1E07xXYzZnWQe/Rir0DoXzJJ/FL0HmrhtADvlzLyVuykiDLx71zueyDh8+
> 2utCpc6TE85klUOYAqbMZFX5ul9tGoQkYAKZcf6RM/VWUWdY8kyAcprVmV/h1hSn
> HDJ1xevmpk5/zEOB41Nf5Yiv1mc2vMVYYpphK1UBd+HbF9XEj1xAUTRQZQXotFhA
> uvODS6q32UgwKhGfM096RMP/Dk47gSOf730IPQNxihbsdbL+M/UNhMzKX5+lClw=
> =qxNX
> -----END PGP SIGNATURE-----
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20131105/2dd45081/attachment.html>


More information about the Chugalug mailing list