rfc:password_hash
Differences
This shows you the differences between two versions of the page.
rfc:password_hash [2012/09/12 14:19] – Fix timing attack broken link ircmaxell | rfc:password_hash [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 3: | Line 3: | ||
* Date: 2012-06-26 | * Date: 2012-06-26 | ||
* Author: Anthony Ferrara < | * Author: Anthony Ferrara < | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 27: | Line 27: | ||
===== Common Misconceptions ===== | ===== Common Misconceptions ===== | ||
- | ==== Salts Need To Be Cryptographically Secure | + | ==== Salts Need To Be True Random |
- | Salts exist for a single reason: To make it so that any time (CPU effort) spent cracking a single password hash cannot be amortized across multiple hashes. That means that attacking a single password hash will have no impact on the time it will take attacking another hash. Based on that reason, salts only need to be unique | + | Salts exist for a single reason: To make it so that any time (CPU effort) spent cracking a single password hash cannot be amortized across multiple hashes. That means that attacking a single password hash will have no impact on the time it will take attacking another hash. Based on that reason, salts only need to be statistically globally |
==== Hash(password + salt) Is Fine ==== | ==== Hash(password + salt) Is Fine ==== | ||
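Review bot: In the rewritten salt paragraph, the requirement changes from "unique" to "statistically globally" without saying how an implementer meets it. The paragraph's own argument (effort spent on one hash must not be amortized across others) only requires that salts do not repeat across hashes, so one added sentence on what salt length and source provide that property would make the claim checkable. The heading also changes from "Cryptographically Secure" to "True Random", which changes the misconception being rebutted while the visible part of the body keeps the same argument; confirm the body names the kind of random source it considers sufficient.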
Line 422: | Line 422: | ||
* 1.3 - Open Voting | * 1.3 - Open Voting | ||
* 1.4 - Close Voting - Moving To Accepted | * 1.4 - Close Voting - Moving To Accepted | ||
+ | * 1.5 - Implemented! | ||
+ | * 1.5.1 - Fine tune wording of " |
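Review bot: The added changelog entry "1.5 - Implemented!" records no release or commit. Suggest naming the version it landed in or linking the implementing commit, so the changelog can be read on its own without consulting the Status field.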
rfc/password_hash.1347459550.txt.gz · Last modified: 2017/09/22 13:28 (external edit)