Explore >> Select a destination
|
You are here 
|
www.sjoerdlangkemper.nl | ||
| | | | |
defuse.ca
|
|
| | | | | ||
| | | | |
soatok.blog
|
|
| | | | | Programmers don't understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words "hash function" in the title, you might have assumed this was going to be a blog post about password storage. (Passwords are the most common knee-jerk reaction... | |
| | | | |
pboyd.io
|
|
| | | | | Here's a fun list to look through: Dumb Password Rules. Most of the rules seem arbitrary, like only allowing digits, but some hint at deeper problems. For instance, preventing single-quotes. They aren't inserting passwords into a database without a SQL placeholder, right? Nearly every site on that list has a needlessly short maximum password size. If they're storing passwords correctly, there's no need for this. This post will go through a few bad ways to store a password and you can see what I mean.... | |
| | | | |
blog.cryptographyengineering.com
|
|
| | | Update 6/10: Based on a short conversation with an engineering lead at X, some of the devices used at X are claimed to be using HSMs. See more further below. Matthew Garrett has a nice post about Twitter (uh, X)'s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew's post... | ||
