Security!

Why are there still systems out there that do this:
And this: 

If you develop systems that require any form of authentication and you need to store passwords, do not encrypt your passwords; hash them. Preferably use bcrypt (http://codahale.com/how-to-safely-store-a-password/).

And some additional links:
http://www.codinghorror.com/blog/2012/04/speed-hashing.html
http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415
