nanog mailing list archives
Re: Password storage (was Re: gmail security is a joke)
From: Michael Thomas <mike () mtcc com>
Date: Thu, 28 May 2015 07:41:46 -0700
On 05/28/2015 02:29 AM, Robert Kisteleki wrote:
Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today.Indeed. A while ago I had a brainfart and presented it in a draft: https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00 It seemed like a good idea at the time :-) It didn't gain much traction though.
Or you could choose to not store any form of password at all on the server: https://datatracker.ietf.org/doc/rfc7486/ Mike
Current thread:
- Re: gmail security is a joke, (continued)
- Re: gmail security is a joke William Herrin (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Rich Kulawiec (May 27)
- Re: gmail security is a joke Barry Shein (May 27)
- Re: gmail security is a joke Peter Beckman (May 27)
- RE: gmail security is a joke John Souvestre (May 27)
- Re: gmail security is a joke Jimmy Hess (May 27)
- Password storage (was Re: gmail security is a joke) Robert Kisteleki (May 28)
- Re: Password storage (was Re: gmail security is a joke) Christopher Morrow (May 28)
- Re: Password storage (was Re: gmail security is a joke) shawn wilson (May 28)
- Re: Password storage (was Re: gmail security is a joke) Michael Thomas (May 28)
- Re: gmail security is a joke Saku Ytti (May 26)
- Re: gmail security is a joke Valdis . Kletnieks (May 26)
- Re: gmail security is a joke Christopher Morrow (May 26)
- Re: gmail security is a joke Mark Andrews (May 26)
- Re: gmail security is a joke Owen DeLong (May 27)
- Re: gmail security is a joke Joe Abley (May 27)
- Re: gmail security is a joke Saku Ytti (May 27)
- Re: gmail security is a joke Joel Maslak (May 27)
- Re: gmail security is a joke Rafael Possamai (May 27)
- Re: gmail security is a joke Jimmy Hess (May 29)