Nick Malcolm
OWASP 2020

I’ve just come back from OWASP NZ Day 2020, held at Auckland University this February. As well as seeing some excellent presentations I was also able to present a talk on how developers can store their users’ passwords safely.

A Recipe for Password Storage: Add Salt to Taste

Every time a website gets breached you hope to hear “your password was salted and hashed” instead of “your passwords were stored in plain text” - but what does that actually mean, and why is it a good thing?

Wash your hands, don your apron, and join me as we follow the recipe for storing passwords safely. We’ll learn a bit about cryptography and one-way functions (that’s the hash!), how to source good ingredients (bcrypt, scrypt, argon, oh my!), why adding a pinch of salt helps, how many times we must stir the mix, and what happens if we miss a step? In the face of an attacker, will our delicious password loaf rise to the occasion, or will it fall flat in disappointment and despair?!

You can flick through the slides here:

I’ll update this post once the MP3 recording, and links to other great talks from the conference, become available.

@JPDanner Tweet during Nick's OWASP talk

28 February 2020