password hashing explained
Robert Seastrom
rs at seastrom.com
Fri Jun 10 07:57:11 CDT 2016
A few months ago I helped W3HWN refine his excellent sidebar on password hashing and storage for the newsletter. For further reading there's a good article in the current issue of Wired that goes into some detail on the same thing, particularly in light of the now-117-million-strong LinkedIn breach.
https://www.wired.com/2016/06/hacker-lexicon-password-hashing/
TL;DR - for personal use, deploy complex passwords (long and not in any dictionary), don't reuse passwords between services. For heaven's sake if you're writing server side stuff that stores passwords understand that this is not the place to display your ham radio DIY spirit. Use someone else's library that has been vetted and reviewed by professionals for your password hashing. Your users will thank you in the event of a data breach, which like an auto accident is statistically inevitable - that's why we have seat belts, insurance policies, bcrypt, scrypt, and pbkdf2.
More information about the Tacos
mailing list