Comments on: Unsafe Password Storage Practices http://dansnetwork.com/2008/07/15/unsafe-password-storage-practices/ Web Design, Javascript, CSS, and More... Sat, 06 Mar 2010 12:45:08 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Kristian Lunde http://dansnetwork.com/2008/07/15/unsafe-password-storage-practices/comment-page-1/#comment-900 Kristian Lunde Fri, 18 Jul 2008 08:40:20 +0000 http://blog.dansnetwork.com/2008/07/15/unsafe-password-storage-practices/#comment-900 Good post, short and simple, gives a good introduction to securing user passwords. But take notice of the reply from Jeremy Weiskotten, to do avoid rainbow table attacks you should always use salting. Good post, short and simple, gives a good introduction to securing user passwords. But take notice of the reply from Jeremy Weiskotten, to do avoid rainbow table attacks you should always use salting.

]]> By: Mark Champine http://dansnetwork.com/2008/07/15/unsafe-password-storage-practices/comment-page-1/#comment-894 Mark Champine Thu, 17 Jul 2008 22:44:40 +0000 http://blog.dansnetwork.com/2008/07/15/unsafe-password-storage-practices/#comment-894 A nice package to protect passwords for Java is Jasypt: http://www.jasypt.org. It uses a strong hash, random salt, plus iterations. Even if you're using another language, you might want to use a similar technique. Hi Jeremy! A nice package to protect passwords for Java is Jasypt: http://www.jasypt.org. It uses a strong hash, random salt, plus iterations. Even if you’re using another language, you might want to use a similar technique.

Hi Jeremy!

]]> By: Jeremy Weiskotten http://dansnetwork.com/2008/07/15/unsafe-password-storage-practices/comment-page-1/#comment-880 Jeremy Weiskotten Thu, 17 Jul 2008 02:55:26 +0000 http://blog.dansnetwork.com/2008/07/15/unsafe-password-storage-practices/#comment-880 Yes, it's very important to store a password hash instead of an actual password. It's almost as important to use a salt when generating the hash and verifying a password at login as well -- without a salt, accounts can be compromised more easily with a "rainbow table" (see http://en.wikipedia.org/wiki/Rainbow_table). Yes, it’s very important to store a password hash instead of an actual password. It’s almost as important to use a salt when generating the hash and verifying a password at login as well — without a salt, accounts can be compromised more easily with a “rainbow table” (see http://en.wikipedia.org/wiki/Rainbow_table).

]]>