
SoylentNews is people

posted by Fnord666 on Tuesday March 05 2019, @01:15PM
from the push-it dept.

You heard me. You know how weak your users’ passwords likely are. You know your users are almost certainly sharing their passwords with multiple sites. You know that a compromise of your database could lead to significant damage coming to them. You know this because it happens all the time, all over the web.

You have a duty to protect the security and privacy of your userbase. They’ve entrusted you with their data, and it is on you to keep it safe. So why aren’t you doing everything possible to accomplish that task? For this blog, we are going to talk exclusively about password storage.

If you ask just about any security professional in the world how best to store a password, you’re liable to hear something about using a cryptographically secure hashing function “with a salt.” Some will go so far as to mention algorithms like Bcrypt or Scrypt. Very few will make any mention of how password policy plays a significant part in ensuring the security of any stored values.

But almost none of them will even mention the word “pepper.” Now I suspect this isn’t malicious (obviously). I think even most security professionals simply aren’t informed enough to know or act with regard to this concept.

So today we’re gonna work on that…



 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Runaway1956 on Tuesday March 05 2019, @03:19PM (4 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday March 05 2019, @03:19PM (#810271) Journal

    Would jalapenos work for you? If not, we can get some jabaneros.

  • (Score: 0, Touché) by Anonymous Coward on Tuesday March 05 2019, @03:37PM (3 children)

    by Anonymous Coward on Tuesday March 05 2019, @03:37PM (#810277)

    Runaway is too white to handle habaneros. Probably can barely handle jalapeños, and serranos [wikipedia.org] are out of the question for him, because at a meek power level of 20,000 scovilles, the serranos make him question his manhood, his sexual orientation, his patriarchy, and his smirking white-male-cis-het supremacy. But don't worry, the white homosexuals of both genders will show up, and they will sympathize with his hatred for the serrano pepper, because if there is one thing that white cis hets have in common with white homosexuals of both genders, it is white supremacy!

    (Which of course we cannot have for all the additional reasons that have been previously identified. If we allow the white supremacists to win, say goodbye to decent hot wings! Fuck those milk drinkers! The white snowflake race is not even welcome in Skyrim!)

    • (Score: 2) by Runaway1956 on Tuesday March 05 2019, @03:50PM

      by Runaway1956 (2926) Subscriber Badge on Tuesday March 05 2019, @03:50PM (#810283) Journal

      U triggered, bro?

    • (Score: 0) by Anonymous Coward on Tuesday March 05 2019, @06:21PM (1 child)

      by Anonymous Coward on Tuesday March 05 2019, @06:21PM (#810333)

      LOL Habaneros ain't even that spicy pussy. Go fuck a ghost pepper.

      • (Score: 0) by Anonymous Coward on Tuesday March 05 2019, @11:21PM

        by Anonymous Coward on Tuesday March 05 2019, @11:21PM (#810484)

        Not Carolina reaper or scorpion pepper?