Do you have questions about password hashing, storage and cracking? What is current best practice?
There have been a number of thought-stimulating articles in recent weeks about password cracking. If you have not read these, I would recommend taking a look. Each is fairly short.
- Why Passwords Have Never Been Weaker — And Crackers Have Never Been Stronger (Ars Technica) on the current issues around use of passwords and the status of cracking
- Password Cracking, Part I: How Much Has Cracking Improved? (Joseph Bonneau) on why you need to measure both power and efficiency to quantify advances in cracking
- Password Cracking, Part II: When Does Password Cracking Matter? (Joseph Bonneau) on why password cracking threats are often different for real world administrators
- Common Misconceptions of Password Cracking (Robert David Graham) on what matters when you are deciding how to hash passwords
Posted on: 14 September 2012 at 20:50 hrs