Nick Malcolm

OWASP 2020

I’ve just come back from OWASP NZ Day 2020, held at Auckland University this February. As well as seeing some excellent presentations I was also able to present a talk on how developers can store their users’ passwords safely.

A Recipe for Password Storage: Add Salt to Taste

Every time a website gets breached you hope to hear “your password was salted and hashed” instead of “your passwords were stored in plain text” - but what does that actually mean, and why is it a good thing?

Wash your hands, don your apron, and join me as we follow the recipe for storing passwords safely. We’ll learn a bit about cryptography and one-way functions (that’s the hash!), how to source good ingredients (bcrypt, scrypt, argon, oh my!), why adding a pinch of salt helps, how many times must we stir the mix, and what happens if we miss a step? In the face of an attacker, will our delicious password loaf rise to the occasion, or will it fall flat in disappointment and despair?!

You can flick through the slides here: https://www.slideshare.net/NickMalcolm/a-recipe-for-password-storage-add-salt-to-taste

I’ll update this post once the MP3 recording, and links to other great talks from the conference, become available.
 

@JPDanner Tweet during Nick's OWASP talk

28 February 2020