Difference between revisions of "Password Storage Cheat Sheet"

From OWASP
m (Password Storage Rules)
m
Line 1: Line 1:
= ACTIVE WORK IN PROGRESS AUGUST 2011 =
+
= DRAFT CHEAT SHEET - WORK IN PROGRESS =
  
 
= Introduction =
 
= Introduction =

Revision as of 14:04, 21 September 2011

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

This article provides guidance on storing passwords in order to help prevent password theft.

Password Storage Rules

  1. Use a Modern Hash
    1. SHA
    2. bcrypt
  2. Use a long cryptographically random salt
    1. Isolate the salt from the hash
  3. Iterate the hash
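
The three rules above combined, as an added example that is not part of the cheat sheet: it uses PBKDF2-HMAC-SHA256 from Python's standard library as one way to iterate a SHA hash (the page names no construction). The salt length, iteration count, record layout and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed parameters (not from the cheat sheet): tune for your hardware.
SALT_BYTES = 32          # "long" salt: 256 bits from the OS CSPRNG
ITERATIONS = 600_000     # assumed work factor for PBKDF2-HMAC-SHA256
ALGORITHM = "sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Return a record with a fresh random salt and the iterated hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    # Salt and hash are returned as separate fields so the caller can keep
    # them in separate columns or stores (rule 2.1). The iteration count is
    # kept too, so it can be raised later without locking out old accounts.
    return {"salt": salt, "hash": digest, "iterations": iterations}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def needs_rehash(record: dict, target: int = ITERATIONS) -> bool:
    """True when a stored record was made with a lower work factor."""
    return record["iterations"] < target


if __name__ == "__main__":
    # Constructed sample passwords; small iteration count for a quick demo.
    a = hash_password("correct horse battery staple", iterations=10_000)
    b = hash_password("correct horse battery staple", iterations=10_000)
    print("same password, different hashes:", a["hash"] != b["hash"])
    print("verify ok:", verify_password("correct horse battery staple", a))
    print("verify wrong:", verify_password("Tr0ub4dor&3", a))
    print("needs rehash:", needs_rehash(a))
```

On a successful login where `needs_rehash` returns true, hash the submitted password again at the current work factor and replace the stored record.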
