This is Andi Wundsam's Typepad Profile.
Andi Wundsam
Recent Activity
As some commenters have already pointed out, this post contains incorrect information. The UNIX crypt routine computes exactly what you are advocating -- salted hashes, even though it relies on the symmetric DES algorithm. Of course, that does not mean that using it is actually a good idea -- because of its low computational complexity and the short 2-char salt. bcrypt is generally recommended as a viable approach these days. And at the end of the day, with passwords like '123456' and 'password' chosen by most users [1], no amount of smart hashing is going to help you if the database is compromised. As there is enough confusion about password security in the blogosphere already, and your blog enjoys fairly high visibility, it would be nice to see that point fixed in the post.

[1] http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump
Commented Dec 15, 2010 on The Dirty Truth About Web Passwords at Coding Horror
Andi Wundsam is now following The Typepad Team
Dec 15, 2010