Web Application Security
creating an open web application security home
sha-512 follow-up and thank you
June 1st, 2011 by Chris Lyon
I made a statement in my previous post, SHA-512 w/ per Users Salts about a “significant hit rate” when it comes to dictionary attacking hashes. This significant hit rate is what we are scared of because we feel that not many people really know the ease of dictionary attacking the hashes, even if you have [...]
SHA-512 w/ per User Salts is Not Enough
May 10th, 2011 by Chris Lyon
Back in January, I was having a causal conversation about passwords at a local gathering about security and was asked what we use for storing the passwords. I stated that we are using sha-512 w/ per user salts but we are looking at moving away from this standard to something much stronger. The response that [...]