[180217] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Password storage (was Re: gmail security is a joke)

daemon@ATHENA.MIT.EDU (Michael Thomas)
Thu May 28 10:41:57 2015

X-Original-To: nanog@nanog.org
Date: Thu, 28 May 2015 07:41:46 -0700
From: Michael Thomas <mike@mtcc.com>
To: nanog@nanog.org
In-Reply-To: <5566DFFB.9050109@ripe.net>
Errors-To: nanog-bounces@nanog.org

On 05/28/2015 02:29 AM, Robert Kisteleki wrote:
>> Bcrypt or PBKDF2 with random salts per password is really what anyone
>> storing passwords should be using today.
> Indeed. A while ago I had a brainfart and presented it in a draft:
> https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00
>
> It seemed like a good idea at the time :-) It didn't gain much traction though.
>
>

Or you could choose to not store any form of password at all on the server:

https://datatracker.ietf.org/doc/rfc7486/

Mike


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[180217] in North American Network Operators' Group

Re: Password storage (was Re: gmail security is a joke)

daemon@ATHENA.MIT.EDU (Michael Thomas)Thu May 28 10:41:57 2015

daemon@ATHENA.MIT.EDU (Michael Thomas)
Thu May 28 10:41:57 2015