Password storage (was Re: gmail security is a joke)

Robert Kisteleki robert at ripe.net
Thu May 28 09:29:31 UTC 2015


> Bcrypt or PBKDF2 with random salts per password is really what anyone
> storing passwords should be using today.

Indeed. A while ago I had a brainfart and presented it in a draft:
https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00

It seemed like a good idea at the time :-) It didn't gain much traction though.

Robert




More information about the NANOG mailing list