Explore >> Select a destination
|
You are here 
|
blog.heckel.io | ||
| | | | |
dusted.codes
|
|
| | | | | SHA-256 is not a secure password hashing algorithm | |
| | | | |
neilmadden.blog
|
|
| | | | | There has been a lot of discussion recently around the LastPass breach, especially with regards to the number of PBKDF2 iterations applied to the master password to derive the vault encryption key. Other people have already dissected this particular breach, but I want to more generally talk about PBKDF2 iterations and security models. (I'm not... | |
| | | | |
myers.io
|
|
| | | | | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong. | |
| | | | |
www.evanmiller.org
|
|
| | | A review of Rust, the programming language built for safety - not necessarily for comfort. | ||
