You are here: blog.josefsson.org

dusted.codes
SHA-256 is not a secure password hashing algorithm

www.sjoerdlangkemper.nl
ASVS states that passwords should be at most 128 characters. This originates from the idea that longer passwords take longer to hash, which can lead to a denial of service when an attacker performs login attempts with very long passwords. However, this is not generally true. With a proper hash function, longer passwords do not take a significantly longer time to hash.

scottarc.blog
Musing about Password-Based Cryptography for the Government
What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved hash function, gives you a way to derive encryption keys and/or password validators from human-memorable secrets. However, PBKDF2 isn't memory-hard. In 2012, several cryptographers initiated the Password Hashing...

honeypot.net
I received an email from Slack on Thursday, 2022-08-04: We're writing to let you know about a bug we recently discovered and fixed in Slack's Shared Invite Link functionality. This feature allows users with the proper permissions to create a link that will allow anyone to join your Slack workspace; it is an alternative to inviting people one-by-one via email to become workspace members. You are receiving this email because one or more members of your workspace created and/or revoked one of these links fo...