Saturday, October 6, 2007

Now add some pepper to your password

I previously wrote a post on password security based on Jeff Atwood's post explaining "Rainbow tables".
As it turns out, Jeff received a feedback from cryptographer Thomas Ptacek pointing out some corrections to the strategy offered in the original post.

The most important idea was using a cryptographically secure hash, meaning hash which expansive in processor time, unlike the common MD5.
One alternative is the Bcrypt algorithm, which has a C# implementation from Derek Slager.

(thanks to Kansir for the photo)

No comments: