Bitcoin Forum

Other => Meta => Topic started by: WWP on February 21, 2018, 12:26:03 AM



Title: Quite a few people have been hacked. Do you use good password hashing protocols?
Post by: WWP on February 21, 2018, 12:26:03 AM
Someone has been hacked: https://bitcointalk.org/index.php?topic=1546435.0

I also seem to have been hacked. So I started a new life.

According to https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#Use_a_cryptographically_strong_credential-specific_salt and https://www.keylength.com/, it's reasonable for me to assume I've used a strong enough password for this time and age - on a properly configured forum.

Password strength requires two components:

- The service provider to use appropriate password hashing schemes. See the OWASP.org link.

- The user to use a password of appropriate entropy for the time and age. See the KeyLength.com link.

If your user doesn't want to be hacked on your forum, how many bits of entropy should his password consist of, according to your algorithm and the rules of math?


Title: Re: Quite a few people have been hacked. Do you use good password hashing protocols?
Post by: SaltySpitoon on February 21, 2018, 12:40:47 AM
This is from a post regarding a database breach a while ago:

-snip-
Passwords were hashed very strongly. Each password is hashed with 7500 rounds of sha256crypt and a 12-byte random salt (per password).
-snip-
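
Added example, not part of any post in this thread: a rough sizing model for the question asked in the first post, using the 7500 rounds quoted in the reply. The attacker's raw SHA-256 rate (2**40 per second), the 10-year target, and the simplification that one guess costs about `rounds` hash computations are assumptions made here, not figures from the forum.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600

# Figure quoted in the thread.
ROUNDS = 7500
# Assumptions for illustration only (not from the thread).
ASSUMED_RAW_RATE = 2 ** 40   # plain SHA-256 computations per second
ASSUMED_YEARS = 10           # how long the password should resist


def stretch_bits(rounds):
    """Work factor, in bits, that iterating the hash adds to every guess."""
    return math.log2(rounds)


def guesses_per_second(raw_rate, rounds):
    # Simplified cost model (assumption): one password guess costs about
    # `rounds` SHA-256 computations; sha256crypt's setup work is ignored.
    return raw_rate / rounds


def required_entropy_bits(raw_rate, rounds, years):
    """Entropy needed so the expected search (half the keyspace) takes `years`.

    A per-password salt means this cost is paid again for every account;
    the attacker cannot test one guess against all hashes at once.
    """
    guesses = guesses_per_second(raw_rate, rounds) * years * SECONDS_PER_YEAR
    return math.ceil(math.log2(2 * guesses))


def length_for_entropy(bits, alphabet_size):
    """Symbols needed when each one is chosen uniformly at random."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    stretched = required_entropy_bits(ASSUMED_RAW_RATE, ROUNDS, ASSUMED_YEARS)
    single = required_entropy_bits(ASSUMED_RAW_RATE, 1, ASSUMED_YEARS)
    print(f"stretching adds about {stretch_bits(ROUNDS):.1f} bits per guess")
    print(f"single-round hash: {single} bits needed")
    print(f"{ROUNDS} rounds: {stretched} bits needed")
    print(f"  = {length_for_entropy(stretched, 62)} random [A-Za-z0-9] chars")
    print(f"  = {length_for_entropy(stretched, 7776)} random Diceware words")
```

The model only holds for passwords chosen uniformly at random; a human-chosen password has far less entropy than its length suggests.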