You are here: blog.josefsson.org

dusted.codes
SHA-256 is not a secure password hashing algorithm

www.latacora.com
When people talk about PBKDFs (Password Based Key Derivation Functions), this is usually either in the context of secure password storage, or in the context of how to derive cryptographic keys from potentially low-entropy passwords. The Password Hashing Competition (PHC, 2013-2015) was an open competition to derive new password hashing algorithms, resulting in Argon2 hash as its winner. Apart from achieving general hash security, many of the candidates focused on achieving resistance to parallel attacks ...

scottarc.blog
Musing about Password-Based Cryptography for the Government
What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved hash function, gives you a way to derive encryption keys and/or password validators from human-memorable secrets. However, PBKDF2 isn't memory-hard. In 2012, several cryptographers initiated the Password Hashing...

8yd.no
Passwords should be set, not sent - and other things I thought about when someone talked about password-emailing as a natural part of the user registration. I'm no security expert, but that's a big n...