peppered password hashing - Forum - Mobile - Progress Community

  • Reading and finding some interesting things as an (almost) total salted password dummy. For example:
    https://crackstation.net/hashing-security.htm
    https://news.ycombinator.com/item?id=3724560
    https://github.com/tonyg/js-scrypt
    Any comments / recommendations? Which CSPRNG could I use with a JavaScript framework (do you have informative links)? A question for http://crypto.stackexchange.com, I think, but maybe some on this forum have given this issue more thought?
     
    Regards, Stefan.
  • I suggest looking at a lot of the articles that Troy Hunt (an Aussie MVP with a high focus on security) has written on his website; he goes into a lot of things about the best practices with things like this.

    At a quick glance, I would suggest things like:

    www.troyhunt.com/.../everything-you-ever-wanted-to-know.html and

    www.troyhunt.com/.../our-password-hashing-has-no-clothes.html

    The second one is a really good insight when it comes to passwords, especially when it comes to the ways you do the hashing; as he explains, your password hashing is only as good as the passwords that people choose, for the most part.