Regarding secure password storage
Goblinlordx opened this issue · 0 comments
Goblinlordx commented
Regarding: password storage
I feel that simply saying "hash" here is a little... irresponsible. Without mention of actually having some kind of work factor/key derivation/key stretching (OWASP, wiki: key derivation, wiki: key stretching), it seems like fairly poor advice. Recommending only "using a salt" seems entirely insufficient.
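To illustrate the distinction raised in this issue, here is an added example (not code from the issue author or the project) that puts a salted single-pass hash beside a key-derivation function with a stored work factor. The record format, the function names and the iteration count are assumptions chosen for the illustration; PBKDF2-HMAC-SHA256 stands in for whichever KDF a project adopts.

```python
import hashlib
import hmac
import os

# Assumed sample work factor: tune it so one derivation costs what you can afford.
ITERATIONS = 600_000


def salted_sha256(password: str, salt: bytes) -> str:
    """Salt only: still a single fast hash, so each guess stays cheap."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Stretch the password with PBKDF2 and keep the parameters in the record."""
    salt = os.urandom(16)  # unique per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record or invalid parameters
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a verified record was stored with a lower work factor than today's."""
    return int(record.split("$")[1]) < target


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")  # constructed sample input
    print(rec)
    print(verify_password("correct horse battery staple", rec), needs_rehash(rec))
```

Storing the iteration count in each record is what lets the work factor be raised later: after a successful login, `needs_rehash` flags old records so they can be re-derived at the current setting.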