Now add some pepper to your password
I previously wrote a post on password security based on Jeff Atwood's post explaining "Rainbow tables".
As it turns out, Jeff received feedback from cryptographer Thomas Ptacek pointing out some corrections to the strategy offered in the original post.
The most important idea was using a cryptographically secure hash, meaning a hash which is expensive in processor time, unlike the common MD5.
One alternative is the Bcrypt algorithm, which has a C# implementation from Derek Slager.
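To make the "expensive in processor time" point concrete, here is an added example (not code from the original post or from the C# implementation it mentions) that compares the cost of one guess against salted MD5 with one guess against a deliberately slow hash. It uses PBKDF2 from Python's standard library as a stand-in for bcrypt, which is not in the standard library; the iteration count and the `iterations$salt$hash` record format are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def fast_md5(password: str, salt: bytes) -> bytes:
    """Salted MD5: a single cheap hash call per guess."""
    return hashlib.md5(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: the cost of each guess scales with `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> str:
    """Keep the work factor and salt next to the hash so the cost can be raised later."""
    salt = os.urandom(16)
    digest = slow_hash(password, salt)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = slow_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_guess(fn, rounds: int) -> float:
    salt = b"\x00" * 16  # constructed fixed salt, used for timing only
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more CPU one slow-hash guess costs than one MD5 guess."""
    return seconds_per_guess(slow_hash, 3) / seconds_per_guess(fast_md5, 20_000)


if __name__ == "__main__":
    record = make_record("correct horse")  # constructed sample password
    print(verify("correct horse", record), verify("wrong", record))
    print(f"slow hash costs ~{cost_ratio():,.0f}x more per guess than MD5")
```

The salt already defeats precomputed tables for both functions; the ratio printed at the end is what the slow hash adds on top, since every offline guess against a stolen record pays that cost.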
(thanks to Kansir for the photo)