nanog mailing list archives

Password storage (was Re: gmail security is a joke)

From: Robert Kisteleki <robert () ripe net>
Date: Thu, 28 May 2015 11:29:31 +0200

Bcrypt or PBKDF2 with random salts per password is really what anyone
storing passwords should be using today.


Indeed. A while ago I had a brainfart and presented it in a draft:
https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00

It seemed like a good idea at the time :-) It didn't gain much traction though.

Robert

Current thread:

Re: gmail security is a joke, (continued)
- - - Re: gmail security is a joke James Downs (May 27)
    - Re: gmail security is a joke Barry Shein (May 27)
    - Re: gmail security is a joke Barry Shein (May 27)
    - Re: gmail security is a joke William Herrin (May 27)
    - Re: gmail security is a joke Barry Shein (May 27)
    - Re: gmail security is a joke Rich Kulawiec (May 27)
    - Re: gmail security is a joke Barry Shein (May 27)
    - Re: gmail security is a joke Peter Beckman (May 27)
    - RE: gmail security is a joke John Souvestre (May 27)
    - Re: gmail security is a joke Jimmy Hess (May 27)
    - Password storage (was Re: gmail security is a joke) Robert Kisteleki (May 28)
    - Re: Password storage (was Re: gmail security is a joke) Christopher Morrow (May 28)
    - Re: Password storage (was Re: gmail security is a joke) shawn wilson (May 28)
    - Re: Password storage (was Re: gmail security is a joke) Michael Thomas (May 28)
    - Re: gmail security is a joke Saku Ytti (May 26)
    - Re: gmail security is a joke Valdis . Kletnieks (May 26)
    - Re: gmail security is a joke Christopher Morrow (May 26)
    - Re: gmail security is a joke Mark Andrews (May 26)
    - Re: gmail security is a joke Owen DeLong (May 27)
    - Re: gmail security is a joke Joe Abley (May 27)
    - Re: gmail security is a joke Saku Ytti (May 27)

(Thread continues...)