Analyzing and Fixing Password Protection Schemes
Date: October 2012
Publication: OWASP AppSec USA, 2012
Source 1: https://github.com/jsteven/psm/blob/master/presentations/Secure%20Password%20Storage%20AUS%20%28w%20Notes%29.pptx.pdf
In this talk jOHN takes apart password protection scheme analyzing the attack resistance of hashes, hmacs, adaptive hashes (such as script), and encryption schemes. First, we present a threat model for password storage. Then audience members will learn the construction, performance, and protective properties of these primitives. Discussion of the primitives will be from a critical perspective modeled as an iterative secure design session.
Ultimately, this session presents the solution and code donated as part of the on-going OWASP PSM (password storage module) project. Discussion of this solution will include key techniques for hardening PSM learned through years of delivering production JavaEE code to customers.
PasswordResearch.com Note: Video of presentation available: https://vimeo.com/54130351 Project page that includes password storage threat model: https://github.com/jsteven/psm
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.